Rt@4.0.7 Security Vulnerabilities and Issues — Rt@4.0.7 CVE List

Lucene search

BestpracticalRt4.0.7

12 matches found

CVE•added 2013/08/23 4:55 p.m.•64 views

CVE-2013-3370

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

6.8CVSS8.5AI score0.0113EPSS

CVE•added 2013/08/23 4:55 p.m.•61 views

CVE-2013-3371

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

4.3CVSS7.2AI score0.00442EPSS

CVE•added 2013/08/23 4:55 p.m.•56 views

CVE-2013-5587

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.

2.6CVSS7AI score0.00442EPSS

CVE•added 2013/08/23 4:55 p.m.•51 views

CVE-2013-3368

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

3.3CVSS8.1AI score0.0005EPSS

CVE•added 2013/08/23 4:55 p.m.•48 views

CVE-2013-3372

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3CVSS7.8AI score0.0048EPSS

CVE•added 2013/08/23 4:55 p.m.•48 views

CVE-2013-3373

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

5CVSS8.3AI score0.0048EPSS

CVE•added 2013/08/23 4:55 p.m.•47 views

CVE-2013-3369

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

6CVSS8.4AI score0.00628EPSS

CVE•added 2012/11/11 1:0 p.m.•43 views

CVE-2012-4732

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

6.8CVSS6.9AI score0.00116EPSS

CVE•added 2012/11/11 1:0 p.m.•42 views

CVE-2012-4730

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.

3.5CVSS5.9AI score0.00176EPSS

CVE•added 2012/11/11 1:0 p.m.•42 views

CVE-2012-4734

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.

5CVSS6.6AI score0.00397EPSS

CVE•added 2013/08/23 4:55 p.m.•42 views

CVE-2013-3374

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."

4.3CVSS8.2AI score0.0056EPSS

CVE•added 2012/11/11 1:0 p.m.•37 views

CVE-2012-4884

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

5CVSS6.8AI score0.00245EPSS