Описание
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | released | 3.8.7-1ubuntu2.3 |
| oneiric | released | 3.8.10-1ubuntu0.1 |
| precise | released | 3.8.11-1ubuntu0.1 |
| precise/esm | DNE | precise was released [3.8.11-1ubuntu0.1] |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.0.7-2 |
| esm-apps/xenial | not-affected | 4.0.7-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.0.7-2]] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | not-affected | 4.0.7-2 |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT ...
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
6.8 Medium
CVSS2