Bestpractical: >> Rt >> 4.0.6 Security Vulnerabilities
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.
CVSS Score
5.0
EPSS Score
0.004
Published
2012-11-11
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
CVSS Score
5.0
EPSS Score
0.002
Published
2012-11-11
Page 2