Bestpractical : Security Vulnerabilities, CVEs, (CSRF)
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Max CVSS
8.8
EPSS Score
0.20%
Published
2017-07-03
Updated
2017-07-07
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.
Max CVSS
5.0
EPSS Score
0.15%
Published
2012-11-11
Updated
2013-03-02
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
Max CVSS
6.8
EPSS Score
0.09%
Published
2012-11-11
Updated
2013-03-02
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
Max CVSS
6.8
EPSS Score
0.30%
Published
2012-06-04
Updated
2021-02-25
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Max CVSS
4.6
EPSS Score
0.43%
Published
2011-04-22
Updated
2017-08-17
5 vulnerabilities found