Remote Vulnerability in Request Tracker Affects Multiple Versions
CVE-2012-4734

Currently unrated

Key Information:

Vendor: Bestpractical
Status: Rt
Vendor: CVE Published:; 11 November 2012

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2012-4734?

The vulnerability in Request Tracker (RT) versions 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote attackers to execute a confused deputy attack. This exploit bypasses the intended Cross-Site Request Forgery (CSRF) warning protections, enabling attackers to manipulate the victim's state through crafted links, potentially leading to unauthorized modifications of system data.

References

http://osvdb.org/86709

vdb-entryx_refsource_OSVDB

http://lists.bestpractical.com/pipermail/rt-announce/2012...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2012
Vulnerability Reserved
Aug 29, 2012

CVE-2012-4734 Data

JSON