Vulnerability Description
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bestpractical | Rt | <= 3.8.9 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576 (Patch)
- http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html (Patch)
- http://openwall.com/lists/oss-security/2011/02/22/12 (Patch)
- http://openwall.com/lists/oss-security/2011/02/22/16 (Patch)
- http://openwall.com/lists/oss-security/2011/02/22/6 (Patch)
- http://openwall.com/lists/oss-security/2011/02/23/22
- http://openwall.com/lists/oss-security/2011/02/24/7
- http://openwall.com/lists/oss-security/2011/02/24/8
- http://openwall.com/lists/oss-security/2011/02/24/9
- http://osvdb.org/71011
- http://secunia.com/advisories/43438 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0475 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65772
- https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d0 (Patch)
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
FAQ
What is CVE-2011-1008?
CVE-2011-1008 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain ...
How severe is CVE-2011-1008?
CVE-2011-1008 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1008?
Check the references section above for vendor advisories and patch information. Affected products include: Bestpractical Rt.