CVE

Id
53005  
CVE No.
CVE-2011-5093  
Status
Candidate  
Description
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.  
Phase
Assigned (20120604)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
561507 53005 CVE-2011-5093 MLIST:[rt-announce] 20120522 RT 3.8.12 Released - Security Release  View
561508 53005 CVE-2011-5093 URL:http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html  View
561509 53005 CVE-2011-5093 MLIST:[rt-announce] 20120522 RT 4.0.6 Released - Security Release  View
561510 53005 CVE-2011-5093 URL:http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html  View
561511 53005 CVE-2011-5093 MLIST:[rt-announce] 20120522 Security vulnerabilities in RT  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
34871 JVNDB-2011-005113 Chef の Chef Server におけるアクセス制限を回避される脆弱性 Chef の Chef Server の chef-server-api/app/controllers/clients.rb は、管理クライアントの作成に管理者権限を必要としないため、アクセス制限を回避される脆弱性が存在します。 CVE-2011-5098 53005 6.5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005113.html  View