Description
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
References (2)
Core 2
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/86714
Scores
EPSS
0.0087
EPSS Percentile
54.6%
Details
CWE
CWE-352
Status
published
Products (6)
bestpractical/rt
3.8.12
bestpractical/rt
3.8.13 (3 CPE variants)
bestpractical/rt
3.8.14 (2 CPE variants)
bestpractical/rt
4.0.6
bestpractical/rt
4.0.7 rc1
bestpractical/rt
4.0.8 rc1 (2 CPE variants)
Published
Nov 11, 2012
Tracked Since
Feb 18, 2026