Описание
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | released | 3.8.7-1ubuntu2.2 |
| maverick | released | 3.8.8-4ubuntu0.1 |
| natty | released | 3.8.10-1 |
| oneiric | not-affected | |
| upstream | released | 3.8.10 |
Показывать по
Ссылки на источники
EPSS
4.6 Medium
CVSS2
Связанные уязвимости
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4. ...
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
EPSS
4.6 Medium
CVSS2