Alpine: rt4: security update to 4.0.7-r0

Severity: High | Tenable Self-Hosted Container Security | Plugin ID 401254

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with
ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or
obtain sensitive information via unknown vectors. (CVE-2012-4730)

- FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows
remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
(CVE-2012-4731)

- Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before
3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of
users for requests that toggle ticket bookmarks. (CVE-2012-4732)

- Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a
"confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify
arbitrary state" via unknown vectors related to a crafted link. (CVE-2012-4734)

- Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows
remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
(CVE-2012-4884)

See Also

https://git.alpinelinux.org/aports/commit/?id=3327959a4eb2048b45441d55ab84450d4e0b704b

https://git.alpinelinux.org/aports/commit/?id=72f1d6de2cdbf78b461e0b3fdf8ee924bd4534e7

Plugin Details

Severity: High

ID: 401254

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 11/11/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2012-4732

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 10/26/2012

Vulnerability Publication Date: 10/26/2012

Reference Information

CVE: CVE-2012-4730, CVE-2012-4731, CVE-2012-4732, CVE-2012-4734, CVE-2012-4884

BID: 56290, 56291