CVE-2012-4733
EPSS 0.57%request-tracker4 - several
Published: 8/23/2013Modified: 3/9/2026
Description
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Affected packages (2)
- Debian/request-tracker4from 0, < 4.0.12-2
- Debian/request-tracker4from 0, < 4.0.7-5+deb7u2