Unrated severityNVD Advisory· Published Jul 24, 2013· Updated Apr 29, 2026
CVE-2012-6581
CVE-2012-6581
Description
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
Affected products
17cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.htmlnvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.