Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Request Tracker 安全绕过漏洞
Vulnerability Description
Best Practical Solutions Request Tracker(RT)是美国Best Practical Solutions公司的一套企业级开源问题跟踪系统。该系统具有Bug跟踪、客户服务、自定义工作流等功能。 Request Tracker (RT) 4.0.0至4.0.12版本中存在远程提权漏洞,该漏洞源于没有正确执行DeleteTicket和‘custom lifecycle transition’权限。远程经过授权的攻击者可利用该漏洞以ModifyTicket权限删除票务数据。
CVSS Information
N/A
Vulnerability Type
N/A