Session Hijacking Vulnerability in Request Tracker's MobileUI Extension
CVE-2013-3737

Currently unrated

Key Information:

Vendor

Bestpractical

Status
Request Tracker
Vendor
CVE Published:
16 November 2014

What is CVE-2013-3737?

A security flaw in the MobileUI extension of Request Tracker (RT) prior to version 1.04 allows remote attackers using the file-based session store to exploit unauthorized sessions. This vulnerability can lead to the retrieval of user preferences and caches through unspecified vectors, potentially compromising user data and system integrity.

References

http://www.osvdb.org/94280
vdb-entryx_refsource_OSVDB
http://lists.bestpractical.com/pipermail/rt-announce/2013...
mailing-listx_refsource_MLIST
http://secunia.com/advisories/53799
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.