CVE-2012-4734

Severity

50%

Complexity

99%

Confidentiality

48%

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

Best Practical Solutions RT

First reported 12 years ago

2012-11-11 13:00:00

Last updated 11 years ago

2013-03-02 04:46:00

Affected Software

Best Practical Solutions RT 3.8.0

3.8.0

Best Practical Solutions RT 3.8.0 preflight1

3.8.0

Best Practical Solutions RT 3.8.0 Release Candidate 1

3.8.0

Best Practical Solutions RT 3.8.0 Release Candidate 2

3.8.0

Best Practical Solutions RT 3.8.0 Release Candidate 3

3.8.0

Best Practical Solutions RT 3.8.1

3.8.1

Best Practical Solutions RT 3.8.1 preflight0

3.8.1

Best Practical Solutions RT 3.8.1 Release Candidate 1

3.8.1

Best Practical Solutions RT 3.8.1 Release Candidate 2

3.8.1

Best Practical Solutions RT 3.8.1 Release Candidate 3

3.8.1

Best Practical Solutions RT 3.8.1 Release Candidate 4

3.8.1

Best Practical Solutions RT 3.8.1 Release Candidate 5

3.8.1

Best Practical Solutions RT 3.8.2

3.8.2

Best Practical Solutions RT 3.8.2 Release Candidate 1

3.8.2

Best Practical Solutions RT 3.8.2 Release Candidate 2

3.8.2

Best Practical Solutions RT 3.8.3

3.8.3

Best Practical Solutions RT 3.8.3 Release Candidate 1

3.8.3

Best Practical Solutions RT 3.8.3 Release Candidate 2

3.8.3

Best Practical Solutions RT 3.8.4

3.8.4

Best Practical Solutions RT 3.8.4 Release Candidate 1

3.8.4

Best Practical Solutions RT 3.8.5

3.8.5

Best Practical Solutions RT 3.8.6

3.8.6

Best Practical Solutions RT 3.8.6 Release Candidate 1

3.8.6

Best Practical Solutions RT 3.8.7

3.8.7

Best Practical Solutions RT 3.8.7 Release Candidate 1

3.8.7

Best Practical Solutions RT 3.8.8

3.8.8

Best Practical Solutions RT 3.8.8 Release Candidate 2

3.8.8

Best Practical Solutions RT 3.8.8 Release Candidate 3

3.8.8

Best Practical Solutions RT 3.8.8 Release Candidate 4

3.8.8

Best Practical Solutions RT 3.8.9

3.8.9

Best Practical Solutions RT 3.8.9 Release Candidate 1

3.8.9

Best Practical Solutions RT 3.8.9 Release Candidate 2

3.8.9

Best Practical Solutions RT 3.8.9 Release Candidate 3

3.8.9

Best Practical Solutions RT 3.8.10

3.8.10

Best Practical Solutions RT 3.8.10 Release Candidate 1

3.8.10

Best Practical Solutions RT 3.8.11

3.8.11

Best Practical Solutions RT 3.8.11 release candidate 1

3.8.11

Best Practical Solutions RT 3.8.11 release candidate 2

3.8.11

Best Practical Solutions RT 3.8.12

3.8.12

Best Practical Solutions RT 3.8.13 release candidate 1

3.8.13

Best Practical Solutions RT 3.8.13 release candidate 2

3.8.13

Best Practical Solutions RT 3.8.14 release candidate 1

3.8.14

Best Practical Solutions RT 4.0.0

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 1

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 2

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 3

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 4

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 5

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 6

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 7

4.0.0

Best Practical Solutions RT 4.0.0 Release Candidate 8

4.0.0

Best Practical Solutions RT 4.0.1

4.0.1

Best Practical Solutions RT 4.0.1 release candidate 1

4.0.1

Best Practical Solutions RT 4.0.1 release candidate 2

4.0.1

Best Practical Solutions RT 4.0.2

4.0.2

Best Practical Solutions RT 4.0.2 release candidate 1

4.0.2

Best Practical Solutions RT 4.0.2 release candidate 2

4.0.2

Best Practical Solutions RT 4.0.3

4.0.3

Best Practical Solutions RT 4.0.3 release candidate 1

4.0.3

Best Practical Solutions RT 4.0.3 release candidate 2

4.0.3

Best Practical Solutions RT 4.0.4

4.0.4

Best Practical Solutions RT 4.0.5

4.0.5

Best Practical Solutions RT 4.0.5 release candidate 1

4.0.5

Best Practical Solutions RT 4.0.6

4.0.6

Best Practical Solutions RT 4.0.7 release candidate 1

4.0.7

Best Practical Solutions RT 4.0.8 release candidate 1

4.0.8

Best Practical Solutions RT 4.0.8 release candidate 2

4.0.8

References

[rt-announce] 20121025 Security vulnerabilities in RT

Vendor Advisory

86709

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.