2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.7%
Best Practical Solutions RT before 3.8.9 does not perform certain redirect
actions upon a login, which allows physically proximate attackers to obtain
credentials by resubmitting the login form via the back button of a web
browser on an unattended workstation after an RT logout.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.04 | noarch | request-tracker3.8 | < 3.8.10-1 | UNKNOWN |