CVE-2011-2085 — Cross-Site Request Forgery in Request-tracker4

CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 47.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedJun 4

Latest updateMay 13

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDbestpractical/rt3.8.11+108

▶debiandebian/request-tracker4< request-tracker4 4.0.5-3 (bookworm)

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-cwjq-hq44-jw63: Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3↗2022-05-13

▶

OSV

CVE-2011-2085: Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3↗2012-06-04

▶

📋Vendor Advisories

Debian

CVE-2011-2085: request-tracker4 - Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Sol...↗2011

▶

💬Community

Bugzilla

rt3: Multiple security flaws fixed in upstream v3.8.12 and v4.0.6 versions↗2012-05-22

▶