Lucene search

PRIOn knowledge basePRION:CVE-2011-1685

HistoryApr 22, 2011 - 10:55 a.m.

Cross site request forgery (csrf)

2011-04-2210:55:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

CPENameOperatorVersion
rteq3.8.7
rteq3.8.9 rc2
rteq3.8.8 rc2
rteq3.8.9 rc1
rteq3.8.2
rteq3.8.8 rc4
rteq3.8.0
rteq3.8.9
rteq3.8.8 rc3
rteq3.8.9 rc3

Name	Operator	Version
rt	eq	3.8.7
rt	eq	3.8.9 rc2
rt	eq	3.8.8 rc2
rt	eq	3.8.9 rc1
rt	eq	3.8.2
rt	eq	3.8.8 rc4
rt	eq	3.8.0
rt	eq	3.8.9
rt	eq	3.8.8 rc3
rt	eq	3.8.9 rc3

Rows per page:

1-10 of 251

References

blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html

lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html

lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

secunia.com/advisories/44189

www.debian.org/security/2011/dsa-2220

www.securityfocus.com/bid/47383

www.vupen.com/english/advisories/2011/1071

bugzilla.redhat.com/show_bug.cgi?id=696795

exchange.xforce.ibmcloud.com/vulnerabilities/66791

7.8 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for PRION:CVE-2011-1685