CVE-2012-6581
First published: Wed Jul 24 2013(Updated: )
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Request Tracker | =3.8.3 | |
| Request Tracker | =3.8.4 | |
| Request Tracker | =3.8.7 | |
| Request Tracker | =3.8.9 | |
| Request Tracker | =3.8.10 | |
| Request Tracker | =3.8.11 | |
| Request Tracker | =3.8.12 | |
| Request Tracker | =3.8.13 | |
| Request Tracker | =3.8.14 | |
| Request Tracker | =4.0.0 | |
| Request Tracker | =4.0.1 | |
| Request Tracker | =4.0.2 | |
| Request Tracker | =4.0.3 | |
| Request Tracker | =4.0.4 | |
| Request Tracker | =4.0.5 | |
| Request Tracker | =4.0.6 | |
| Request Tracker | =4.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-6581?
CVE-2012-6581 has a medium severity rating due to its potential to allow unauthorized access to sensitive keyring data.
How do I fix CVE-2012-6581?
To fix CVE-2012-6581, upgrade to Best Practical Solutions Request Tracker version 3.8.15 or 4.0.8 or later.
What versions are affected by CVE-2012-6581?
CVE-2012-6581 affects Best Practical Solutions Request Tracker versions 3.8.x before 3.8.15 and 4.0.x before 4.0.8.
What is the impact of CVE-2012-6581?
CVE-2012-6581 allows attackers to bypass restrictions on reading keys and send emails signed with arbitrary secret keys.
Is GnuPG necessary for CVE-2012-6581 to be exploited?
Yes, GnuPG must be enabled for CVE-2012-6581 to be exploited.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bestpractical
- canonical/request tracker
- version/request tracker/3.8.3
- version/request tracker/3.8.4
- version/request tracker/3.8.7
- version/request tracker/3.8.9
- version/request tracker/3.8.10
- version/request tracker/3.8.11
- version/request tracker/3.8.12
- version/request tracker/3.8.13
- version/request tracker/3.8.14
- version/request tracker/4.0.0
- version/request tracker/4.0.1
- version/request tracker/4.0.2
- version/request tracker/4.0.3
- version/request tracker/4.0.4
- version/request tracker/4.0.5
- version/request tracker/4.0.6
- version/request tracker/4.0.7