RT (Request Tracker) Cross Site Request Forgery Vulnerability

This host is installed with Request Tracker and is prone to cross site request forgery vulnerability. OpenVAS Vulnerability Test $Id: secpodrtcsrfvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ RT Request Tracker Cross Site Request Forgery Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011...

CVE-2011-1685

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources aka external custom field option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery CSRF...

Cross site request forgery (csrf)

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources aka external custom field option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery CSRF...

[BSA-033] Security Update for request-tracker3.8

Jan Wagner uploaded new packages for request-tracker3.8 which fixed the following security problems: CVE-2011-1685 If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possible triggered by a...