CVE-2017-5943: Cross-Site Request Forgery in Request-tracker4

Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 38.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 3; Latest update May 17

Description

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

Debian: debian/request-tracker4 < request-tracker4 4.4.1-4 (bookworm)
NVD: bestpractical/request_tracker, 41 versions (+40)

Vulnerability Details (2)

GHSA: GHSA-7p4g-wg5g-j4v4: Request Tracker (RT) 4 (2022-05-17)
OSV: CVE-2017-5943: Request Tracker (RT) 4 (2017-07-03)

Vendor Advisories (1)

Debian: CVE-2017-5943: request-tracker4 - Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.... (2017)

Community (2)

Bugzilla: CVE-2017-5943 rt: Information leak of CSRF verification tokens (2017-07-26)
Bugzilla: CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944 rt: various flaws [fedora-all] (2017-07-26)
CVE-2017-5943 — Cross-Site Request Forgery | cvebase