CVE-2012-6580
First published: Wed Jul 24 2013(Updated: )
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Request Tracker | =3.8.3 | |
| Request Tracker | =3.8.4 | |
| Request Tracker | =3.8.7 | |
| Request Tracker | =3.8.9 | |
| Request Tracker | =3.8.10 | |
| Request Tracker | =3.8.11 | |
| Request Tracker | =3.8.12 | |
| Request Tracker | =3.8.13 | |
| Request Tracker | =3.8.14 | |
| Request Tracker | =4.0.0 | |
| Request Tracker | =4.0.1 | |
| Request Tracker | =4.0.2 | |
| Request Tracker | =4.0.3 | |
| Request Tracker | =4.0.4 | |
| Request Tracker | =4.0.5 | |
| Request Tracker | =4.0.6 | |
| Request Tracker | =4.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-6580?
CVE-2012-6580 is classified as a medium severity vulnerability due to its potential impact on message integrity and encryption policy enforcement.
How do I fix CVE-2012-6580?
To fix CVE-2012-6580, upgrade to Best Practical Solutions Request Tracker version 3.8.15 or 4.0.8 or later.
Which versions of Request Tracker are affected by CVE-2012-6580?
CVE-2012-6580 affects Request Tracker versions 3.8.x before 3.8.15 and 4.0.x before 4.0.8.
What is the impact of CVE-2012-6580?
The impact of CVE-2012-6580 may allow remote attackers to spoof message details or interfere with encryption policy auditing.
Is GnuPG required for CVE-2012-6580 to be applicable?
Yes, CVE-2012-6580 is applicable only when GnuPG is enabled in the affected versions of Request Tracker.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bestpractical
- canonical/request tracker
- version/request tracker/3.8.3
- version/request tracker/3.8.4
- version/request tracker/3.8.7
- version/request tracker/3.8.9
- version/request tracker/3.8.10
- version/request tracker/3.8.11
- version/request tracker/3.8.12
- version/request tracker/3.8.13
- version/request tracker/3.8.14
- version/request tracker/4.0.0
- version/request tracker/4.0.1
- version/request tracker/4.0.2
- version/request tracker/4.0.3
- version/request tracker/4.0.4
- version/request tracker/4.0.5
- version/request tracker/4.0.6
- version/request tracker/4.0.7