CVE-2011-1008

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
bestpracticalrt
𝑥
≤ 3.8.9
bestpracticalrt
1.0.0
bestpracticalrt
1.0.1
bestpracticalrt
1.0.2
bestpracticalrt
1.0.3
bestpracticalrt
1.0.4
bestpracticalrt
1.0.5
bestpracticalrt
1.0.6
bestpracticalrt
1.0.7
bestpracticalrt
2.0.0
bestpracticalrt
2.0.1
bestpracticalrt
2.0.2
bestpracticalrt
2.0.3
bestpracticalrt
2.0.4
bestpracticalrt
2.0.5
bestpracticalrt
2.0.5.1
bestpracticalrt
2.0.5.3
bestpracticalrt
2.0.6
bestpracticalrt
2.0.7
bestpracticalrt
2.0.8
bestpracticalrt
2.0.8.2
bestpracticalrt
2.0.9
bestpracticalrt
2.0.11
bestpracticalrt
2.0.12
bestpracticalrt
2.0.13
bestpracticalrt
2.0.14
bestpracticalrt
2.0.15
bestpracticalrt
3.0.0
bestpracticalrt
3.0.1
bestpracticalrt
3.0.2
bestpracticalrt
3.0.3
bestpracticalrt
3.0.4
bestpracticalrt
3.0.5
bestpracticalrt
3.0.6
bestpracticalrt
3.0.7
bestpracticalrt
3.0.7.1
bestpracticalrt
3.0.8
bestpracticalrt
3.0.9
bestpracticalrt
3.0.10
bestpracticalrt
3.0.11
bestpracticalrt
3.0.12
bestpracticalrt
3.2.0
bestpracticalrt
3.2.1
bestpracticalrt
3.2.2
bestpracticalrt
3.2.3
bestpracticalrt
3.4.0
bestpracticalrt
3.4.1
bestpracticalrt
3.4.2
bestpracticalrt
3.4.3
bestpracticalrt
3.4.4
bestpracticalrt
3.4.5
bestpracticalrt
3.4.6
bestpracticalrt
3.6.0
bestpracticalrt
3.6.1
bestpracticalrt
3.6.2
bestpracticalrt
3.6.3
bestpracticalrt
3.6.4
bestpracticalrt
3.6.5
bestpracticalrt
3.6.6
bestpracticalrt
3.6.7
bestpracticalrt
3.6.8
bestpracticalrt
3.6.9
bestpracticalrt
3.8.0
bestpracticalrt
3.8.1
bestpracticalrt
3.8.2
bestpracticalrt
3.8.3
bestpracticalrt
3.8.4
bestpracticalrt
3.8.5
bestpracticalrt
3.8.6
bestpracticalrt
3.8.6:rc1
bestpracticalrt
3.8.7:rc1
bestpracticalrt
3.8.8:rc2
bestpracticalrt
3.8.8:rc3
bestpracticalrt
3.8.8:rc4
bestpracticalrt
3.8.9:rc1
bestpracticalrt
3.8.9:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
request-tracker3.6
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
hardy
ignored
dapper
dne
request-tracker3.8
raring
dne
quantal
dne
precise
not-affected
oneiric
not-affected
natty
Fixed 3.8.10-1
released
maverick
Fixed 3.8.8-4ubuntu0.1
released
lucid
Fixed 3.8.7-1ubuntu2.2
released
karmic
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576
http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html
http://openwall.com/lists/oss-security/2011/02/22/12
http://openwall.com/lists/oss-security/2011/02/22/16
http://openwall.com/lists/oss-security/2011/02/22/6
http://openwall.com/lists/oss-security/2011/02/23/22
http://openwall.com/lists/oss-security/2011/02/24/7
http://openwall.com/lists/oss-security/2011/02/24/8
http://openwall.com/lists/oss-security/2011/02/24/9
http://osvdb.org/71011
http://secunia.com/advisories/43438
http://www.vupen.com/english/advisories/2011/0475
https://exchange.xforce.ibmcloud.com/vulnerabilities/65772
https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576
http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html
http://openwall.com/lists/oss-security/2011/02/22/12
http://openwall.com/lists/oss-security/2011/02/22/16
http://openwall.com/lists/oss-security/2011/02/22/6
http://openwall.com/lists/oss-security/2011/02/23/22
http://openwall.com/lists/oss-security/2011/02/24/7
http://openwall.com/lists/oss-security/2011/02/24/8
http://openwall.com/lists/oss-security/2011/02/24/9
http://osvdb.org/71011
http://secunia.com/advisories/43438
http://www.vupen.com/english/advisories/2011/0475
https://exchange.xforce.ibmcloud.com/vulnerabilities/65772
https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E