Lucene search

K

[email protected]NVD:CVE-2012-4732

HistoryNov 11, 2012 - 1:00 p.m.

CVE-2012-4732

2012-11-1113:00:59

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.2%

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

Affected configurations

NVD

Node

bestpracticalrtMatch3.8.12

OR

bestpracticalrtMatch3.8.13

OR

bestpracticalrtMatch3.8.13rc1

OR

bestpracticalrtMatch3.8.13rc2

OR

bestpracticalrtMatch3.8.14

OR

bestpracticalrtMatch3.8.14rc1

Node

bestpracticalrtMatch4.0.6

OR

bestpracticalrtMatch4.0.7rc1

OR

bestpracticalrtMatch4.0.8rc1

OR

bestpracticalrtMatch4.0.8rc2

References

lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html

osvdb.org/86714

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.2%

Related for NVD:CVE-2012-4732

prion1 debiancve1 cve1 ubuntucve1 cvelist1 fedora3 openvas8 debian1 securityvulns2 freebsd1 osv1 nessus6