CVE-2011-4459 Information

Description

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.

Reference

http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660