PT-2019-6596 · Edgewall · Trac
Henri Salo · Published 2019-11-13 · Updated 2019-11-18 · CVE-2010-5108
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Trac version 0.11.6
Description
The issue allows an attacker to modify a ticket's status and resolution without proper permissions due to inadequate workflow permission checks.
Recommendations
For Trac version 0.11.6, update to a newer version that includes proper workflow permission checks to prevent unauthorized ticket modifications.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Trac