CSRF in Bestpractical Rt

CVE-2012-4732

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that tog…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Rt — versions 3.8.12, 3.8.13, 3.8.14
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

[rt-announce] 20121025 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
86714 (x_refsource_OSVDB, vdb-entry)