CVE-2012-4732

Request Tracker <3.8.15-4.0.8 - CSRF

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

References (2)

Core 2
Core References
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/86714

Scores

EPSS 0.0087
EPSS Percentile 54.6%

Details

CWE
CWE-352
Status published
Products (6)
bestpractical/rt 3.8.12
bestpractical/rt 3.8.13 (3 CPE variants)
bestpractical/rt 3.8.14 (2 CPE variants)
bestpractical/rt 4.0.6
bestpractical/rt 4.0.7 rc1
bestpractical/rt 4.0.8 rc1 (2 CPE variants)
Published Nov 11, 2012
Tracked Since Feb 18, 2026