CVE-2012-6581

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions 3.8.x through 3.8.14 Best Practical Solutions RT versions 4.0.x through 4.0.7

Description The issue allows remote attackers to bypass intended restrictions on reading keys in the product's keyring and trigger outbound e-mail messages signed by an arbitrary stored secret key when GnuPG is enabled. This is achieved by leveraging a UI e-mail signing privilege.

Recommendations For versions 3.8.x through 3.8.14, update to version 3.8.15 or later to resolve the issue. For versions 4.0.x through 4.0.7, update to version 4.0.8 or later to resolve the issue.