Matthew Astley

#21197 of 53,633
11.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2012-5561
6.8
2012-11-11
Best Practical · Request Tracker · CVE-2012-4732
**Name of the Vulnerable Software and Affected Versions**
Request Tracker versions 3.8.12 through 3.8.14
Request Tracker versions 4.0.6 through 4.0.7

**Description**
A cross-site request forgery issue allows remote attackers to hijack user authentication for specific requests, such as toggling ticket bookmarks.

**Recommendations**
For versions 3.8.12 through 3.8.14, update to version 3.8.15 or later.
For versions 4.0.6 through 4.0.7, update to version 4.0.8 or later.
PT-2012-5562
5.0
2012-11-11
Best Practical · Request Tracker · CVE-2012-4734
**Name of the Vulnerable Software and Affected Versions**
Request Tracker (RT) versions 3.8.x through 3.8.14
Request Tracker (RT) versions 4.0.x through 4.0.7

**Description**
The issue allows remote attackers to conduct a "confused deputy" attack, bypassing the CSRF warning protection mechanism. This enables attackers to cause victims to modify arbitrary state via a crafted link.

**Recommendations**
For versions 3.8.x through 3.8.14, update to version 3.8.15 or later.
For versions 4.0.x through 4.0.7, update to version 4.0.8 or later.