Vulnerability Details CVE-2017-5944
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.debian.org/security/2017/dsa-3882
- http://www.securityfocus.com/bid/99381
- https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
- http://www.debian.org/security/2017/dsa-3882
- http://www.securityfocus.com/bid/99381
- https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
Products affected by CVE-2017-5944
-
cpe:2.3:a:bestpractical:request_tracker:4.0.0
-
cpe:2.3:a:bestpractical:request_tracker:4.0.1
-
cpe:2.3:a:bestpractical:request_tracker:4.0.10
-
cpe:2.3:a:bestpractical:request_tracker:4.0.11
-
cpe:2.3:a:bestpractical:request_tracker:4.0.12
-
cpe:2.3:a:bestpractical:request_tracker:4.0.13
-
cpe:2.3:a:bestpractical:request_tracker:4.0.14
-
cpe:2.3:a:bestpractical:request_tracker:4.0.15
-
cpe:2.3:a:bestpractical:request_tracker:4.0.16
-
cpe:2.3:a:bestpractical:request_tracker:4.0.17
-
cpe:2.3:a:bestpractical:request_tracker:4.0.18
-
cpe:2.3:a:bestpractical:request_tracker:4.0.19
-
cpe:2.3:a:bestpractical:request_tracker:4.0.2
-
cpe:2.3:a:bestpractical:request_tracker:4.0.20
-
cpe:2.3:a:bestpractical:request_tracker:4.0.21
-
cpe:2.3:a:bestpractical:request_tracker:4.0.22
-
cpe:2.3:a:bestpractical:request_tracker:4.0.23
-
cpe:2.3:a:bestpractical:request_tracker:4.0.24
-
cpe:2.3:a:bestpractical:request_tracker:4.0.3
-
cpe:2.3:a:bestpractical:request_tracker:4.0.4
-
cpe:2.3:a:bestpractical:request_tracker:4.0.5
-
cpe:2.3:a:bestpractical:request_tracker:4.0.6
-
cpe:2.3:a:bestpractical:request_tracker:4.0.7
-
cpe:2.3:a:bestpractical:request_tracker:4.0.8
-
cpe:2.3:a:bestpractical:request_tracker:4.0.9
-
cpe:2.3:a:bestpractical:request_tracker:4.2.0
-
cpe:2.3:a:bestpractical:request_tracker:4.2.1
-
cpe:2.3:a:bestpractical:request_tracker:4.2.10
-
cpe:2.3:a:bestpractical:request_tracker:4.2.11
-
cpe:2.3:a:bestpractical:request_tracker:4.2.12
-
cpe:2.3:a:bestpractical:request_tracker:4.2.13
-
cpe:2.3:a:bestpractical:request_tracker:4.2.2
-
cpe:2.3:a:bestpractical:request_tracker:4.2.3
-
cpe:2.3:a:bestpractical:request_tracker:4.2.4
-
cpe:2.3:a:bestpractical:request_tracker:4.2.5
-
cpe:2.3:a:bestpractical:request_tracker:4.2.6
-
cpe:2.3:a:bestpractical:request_tracker:4.2.7
-
cpe:2.3:a:bestpractical:request_tracker:4.2.8
-
cpe:2.3:a:bestpractical:request_tracker:4.2.9
-
cpe:2.3:a:bestpractical:request_tracker:4.4.0
-
cpe:2.3:a:bestpractical:request_tracker:4.4.1