Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a Sign by default queue configuration, uses a queues key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Request_tracker | Bestpractical | 3.8.3 (including) | 3.8.3 (including) |
| Request_tracker | Bestpractical | 3.8.4 (including) | 3.8.4 (including) |
| Request_tracker | Bestpractical | 3.8.7 (including) | 3.8.7 (including) |
| Request_tracker | Bestpractical | 3.8.9 (including) | 3.8.9 (including) |
| Request_tracker | Bestpractical | 3.8.10 (including) | 3.8.10 (including) |
| Request_tracker | Bestpractical | 3.8.11 (including) | 3.8.11 (including) |
| Request_tracker | Bestpractical | 3.8.12 (including) | 3.8.12 (including) |
| Request_tracker | Bestpractical | 3.8.13 (including) | 3.8.13 (including) |
| Request_tracker | Bestpractical | 3.8.14 (including) | 3.8.14 (including) |
| Request-tracker3.8 | Ubuntu | lucid | * |
| Request-tracker3.8 | Ubuntu | precise | * |
| Request-tracker3.8 | Ubuntu | upstream | * |
| Request-tracker4 | Ubuntu | precise | * |
| Request-tracker4 | Ubuntu | quantal | * |
| Request-tracker4 | Ubuntu | raring | * |
| Request-tracker4 | Ubuntu | upstream | * |