Best Practical · Request Tracker · CVE-2012-4730
**Name of the Vulnerable Software and Affected Versions**
Request Tracker (RT) versions 3.8.x through 3.8.14
Request Tracker (RT) versions 4.0.x through 4.0.7
**Description**
The issue allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers, which can be used to conduct phishing attacks or obtain sensitive information.
**Recommendations**
For versions 3.8.x through 3.8.14, update to version 3.8.15 or later.
For versions 4.0.x through 4.0.7, update to version 4.0.8 or later.