Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
References (6)
Core 6
Core References
Patch mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
Patch mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49259
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53660
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Scores
EPSS
0.0107
EPSS Percentile
60.9%
Details
CWE
CWE-352
Status
published
Products (44)
bestpractical/rt
1.0.0
bestpractical/rt
1.0.1
bestpractical/rt
1.0.2
bestpractical/rt
1.0.3
bestpractical/rt
1.0.4
bestpractical/rt
1.0.5
bestpractical/rt
1.0.6
bestpractical/rt
1.0.7
bestpractical/rt
2.0.0
bestpractical/rt
2.0.1
... and 34 more
Published
Jun 04, 2012
Tracked Since
Feb 18, 2026