Vulnerability Description
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
CVSS Score
6.0
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bestpractical | Rt | 3.8.0 |
References
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.htmlPatchVendor Advisory
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.htmlPatchVendor Advisory
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.htmlPatchVendor Advisory
- http://secunia.com/advisories/53505Vendor Advisory
- http://secunia.com/advisories/53522Vendor Advisory
- http://www.debian.org/security/2012/dsa-2670
- http://www.osvdb.org/93610
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.htmlPatchVendor Advisory
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.htmlPatchVendor Advisory
- http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.htmlPatchVendor Advisory
- http://secunia.com/advisories/53505Vendor Advisory
- http://secunia.com/advisories/53522Vendor Advisory
- http://www.debian.org/security/2012/dsa-2670
- http://www.osvdb.org/93610
FAQ
What is CVE-2013-3369?
CVE-2013-3369 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via uns...
How severe is CVE-2013-3369?
CVE-2013-3369 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3369?
Check the references section above for vendor advisories and patch information. Affected products include: Bestpractical Rt.