CVE-2011-1685
published 2011-04-22CVE-2011-1685: Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled…
PriorityP420medium4.6CVSS 2.0
AVNACHAuSCPIPAP
EPSS
1.12%
62.0th percentile
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.htmlhttp://secunia.com/advisories/44189http://www.debian.org/security/2011/dsa-2220http://www.securityfocus.com/bid/47383http://www.vupen.com/english/advisories/2011/1071https://bugzilla.redhat.com/show_bug.cgi?id=696795https://exchange.xforce.ibmcloud.com/vulnerabilities/66791http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.htmlhttp://secunia.com/advisories/44189http://www.debian.org/security/2011/dsa-2220http://www.securityfocus.com/bid/47383http://www.vupen.com/english/advisories/2011/1071https://bugzilla.redhat.com/show_bug.cgi?id=696795https://exchange.xforce.ibmcloud.com/vulnerabilities/66791
2011-04-22
Published