Vulnerability in Bestpractical Rt

CVE-2012-4734

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors…

EPSS: 0.002 (36.5th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Rt — versions 3.8.0, 3.8.1, 3.8.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

86709 (x_refsource_OSVDB, vdb-entry)
[rt-announce] 20121025 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST)