CVE-2012-4731

EUVD-2012-4656
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
bestpracticalrtfm
𝑥
≤ 2.4.3
bestpracticalrtfm
2.2.0
bestpracticalrtfm
2.2.1
bestpracticalrtfm
2.2.2
bestpracticalrtfm
2.4.0
bestpracticalrtfm
2.4.1
bestpracticalrtfm
2.4.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
request-tracker4
bookworm
4.4.6+dfsg-1.1+deb12u1
fixed
bookworm (security)
4.4.6+dfsg-1.1+deb12u1
fixed
bullseye
4.4.4+dfsg-2+deb11u3
fixed
bullseye (security)
4.4.4+dfsg-2+deb11u3
fixed
sid
4.4.7+dfsg-3
fixed
trixie
4.4.7+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rtfm
hardy
ignored
lucid
ignored
oneiric
ignored
precise
ignored
quantal
dne
raring
dne
saucy
dne
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html
http://secunia.com/advisories/51062
http://secunia.com/advisories/51111
http://www.debian.org/security/2012/dsa-2568
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html
http://secunia.com/advisories/51062
http://secunia.com/advisories/51111
http://www.debian.org/security/2012/dsa-2568