PT-2024-17449 · Issuetrak · Issuetrak

Harrison Daley · Published 2024-12-04 · Updated 2024-12-04 · CVE-2024-12123

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Issuetrak version 17.1

Description

A hidden field manipulation issue was identified that can be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and modified using a proxy. The ticket requester can be changed from the original requester to another user in the same application, and the application accepts the change.

Recommendations

For Issuetrak version 17.1, consider disabling the ticket submission feature until a patch is available, to prevent exploitation of the hidden field manipulation issue. Restrict access to the proxy modification functionality to minimize the risk of interception and modification of ticket requests. Avoid using the ticket submission feature with untrusted or unverified users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
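
The weakness class in the description, as an added example (not Issuetrak code and not part of the advisory): a handler that trusts a hidden requester field, beside one that binds the requester to the authenticated session and records mismatches for alerting. The field name `requester_id`, the user table, the delegation flag and the function names are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample data; roles and field names are assumptions,
# not Issuetrak's schema.
USERS = {
    101: {"name": "alice", "can_submit_for_others": False},
    102: {"name": "bob", "can_submit_for_others": False},
    900: {"name": "agent", "can_submit_for_others": True},
}


@dataclass
class Ticket:
    requester_id: int
    submitted_by: int
    subject: str


class RequesterMismatch(Exception):
    """Raised when a form claims a requester the session may not act for."""


def create_ticket_trusting_form(session_user_id: int, form: dict) -> Ticket:
    # Weak pattern: the hidden form field decides who the requester is.
    return Ticket(int(form["requester_id"]), session_user_id, form["subject"])


def create_ticket_bound_to_session(session_user_id: int, form: dict,
                                   audit_log: list) -> Ticket:
    # Hardened pattern: identity comes from the authenticated session.
    claimed = form.get("requester_id")
    try:
        claimed_id = int(claimed) if claimed is not None else session_user_id
    except (TypeError, ValueError):
        claimed_id = None  # malformed value is treated as a mismatch
    if claimed_id != session_user_id:
        actor = USERS[session_user_id]
        allowed = actor["can_submit_for_others"] and claimed_id in USERS
        if not allowed:
            # Record the attempt so it can be alerted on.
            audit_log.append(("requester_mismatch", session_user_id, claimed))
            raise RequesterMismatch(f"user {session_user_id} claimed {claimed!r}")
    return Ticket(claimed_id, session_user_id, form["subject"])
```

Keeping `submitted_by` separate from `requester_id` means legitimate on-behalf-of submissions remain attributable to the account that made them.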

Weakness Enumeration

Related Identifiers

CVE-2024-12123

Affected Products

Issuetrak