CVE-2012-4732Cross-Site Request Forgery in Request-tracker4

CWE-352Cross-Site Request Forgery6 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 70.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Request-tracker4Bestpractical RT
Timeline
PublishedNov 11
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

debiandebian/request-tracker4< request-tracker4 4.0.7-2 (bookworm)
NVDbestpractical/rt6 versions+5

Patches

Patch: lists.bestpractical.comPatch: lists.bestpractical.com

🔴Vulnerability Details

2
GHSA
GHSA-8q74-38rr-629p: Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 32022-05-17
OSV
CVE-2012-4732: Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 32012-11-11

📋Vendor Advisories

1
Debian
CVE-2012-4732: request-tracker4 - Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 a...2012

💬Community

2
Bugzilla
CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version [fedora-all]2012-10-26
Bugzilla
CVE-2012-4730 CVE-2012-4732 CVE-2012-4734 CVE-2012-4735 CVE-2012-4884 rt3: Multiple flaws fixed in upstream 3.8.15 version [epel-all]2012-10-26
CVE-2012-4732 — Cross-Site Request Forgery | cvebase