Credentials Management Errors

CVE-2012-4733

Medium

6/10

Summary

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory Timeline

Published Aug 23, 2013

Credentials Management Errors

CVE-2012-4733

Summary

CWE-255 - Credentials Management Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS