{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-07-24T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6580", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:36:01.367Z"}, "title": "CVE Program Container", "references": [{"name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6580", "datePublished": "2013-07-24T10:00:00Z", "dateReserved": "2013-07-23T00:00:00Z", "dateUpdated": "2024-09-17T02:11:50.976Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address."}, {"lang": "es", "value": "Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG est\u00e1 activado, no se asegura que las etiquetas UI descifradas se encuentren en este estado, lo que podr\u00eda facilitar a atacantes remotos suplantar los detalles del origen del mensaje o interferir con la auditor\u00eda de pol\u00edtica de cifrado a trav\u00e9s de un mensaje hacia una cola de direcciones."}], "id": "CVE-2012-6580", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-24T12:01:45.100", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}