Description
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
References (4)
Core References
Vendor Advisory (x_refsource_confirm): http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2015/dsa-3176
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html
Scores
EPSS: 0.0199
EPSS Percentile: 78.3%
Details
CWE: CWE-284
Status: published
Products (13)
bestpractical/request_tracker 4.2.0
bestpractical/request_tracker 4.2.1
bestpractical/request_tracker 4.2.2
bestpractical/request_tracker 4.2.3
bestpractical/request_tracker 4.2.4
bestpractical/request_tracker 4.2.5
bestpractical/request_tracker 4.2.6
bestpractical/request_tracker 4.2.7
bestpractical/request_tracker 4.2.8
bestpractical/request_tracker 4.2.9
... and 3 more
Published: Mar 09, 2015
Tracked Since: Feb 18, 2026