CVE-2012-4732
Published: 11 November 2012
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker3.8 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(3.8.7-1ubuntu2.3)
|
|
oneiric |
Released
(3.8.10-1ubuntu0.1)
|
|
precise |
Released
(3.8.11-1ubuntu0.1)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.8.8-7+squeeze6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
request-tracker4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Not vulnerable
(4.0.7-2)
|
|
saucy |
Not vulnerable
(4.0.7-2)
|
|
trusty |
Does not exist
(trusty was not-affected [4.0.7-2])
|
|
upstream |
Released
(4.0.7-2)
|
|
utopic |
Not vulnerable
(4.0.7-2)
|
|
vivid |
Not vulnerable
(4.0.7-2)
|
|
wily |
Not vulnerable
(4.0.7-2)
|
|
xenial |
Not vulnerable
(4.0.7-2)
|
|
yakkety |
Not vulnerable
(4.0.7-2)
|
|
zesty |
Not vulnerable
(4.0.7-2)
|