8.8

CVE-2017-5943

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BestpracticalRequest Tracker Version4.0.0
BestpracticalRequest Tracker Version4.0.1
BestpracticalRequest Tracker Version4.0.2
BestpracticalRequest Tracker Version4.0.3
BestpracticalRequest Tracker Version4.0.4
BestpracticalRequest Tracker Version4.0.5
BestpracticalRequest Tracker Version4.0.6
BestpracticalRequest Tracker Version4.0.7
BestpracticalRequest Tracker Version4.0.8
BestpracticalRequest Tracker Version4.0.9
BestpracticalRequest Tracker Version4.0.10
BestpracticalRequest Tracker Version4.0.11
BestpracticalRequest Tracker Version4.0.12
BestpracticalRequest Tracker Version4.0.13
BestpracticalRequest Tracker Version4.0.14
BestpracticalRequest Tracker Version4.0.15
BestpracticalRequest Tracker Version4.0.16
BestpracticalRequest Tracker Version4.0.17
BestpracticalRequest Tracker Version4.0.18
BestpracticalRequest Tracker Version4.0.19
BestpracticalRequest Tracker Version4.0.20
BestpracticalRequest Tracker Version4.0.21
BestpracticalRequest Tracker Version4.0.22
BestpracticalRequest Tracker Version4.0.23
BestpracticalRequest Tracker Version4.0.24
BestpracticalRequest Tracker Version4.2.0
BestpracticalRequest Tracker Version4.2.1
BestpracticalRequest Tracker Version4.2.2
BestpracticalRequest Tracker Version4.2.3
BestpracticalRequest Tracker Version4.2.4
BestpracticalRequest Tracker Version4.2.5
BestpracticalRequest Tracker Version4.2.6
BestpracticalRequest Tracker Version4.2.7
BestpracticalRequest Tracker Version4.2.8
BestpracticalRequest Tracker Version4.2.9
BestpracticalRequest Tracker Version4.2.10
BestpracticalRequest Tracker Version4.2.11
BestpracticalRequest Tracker Version4.2.12
BestpracticalRequest Tracker Version4.2.13
BestpracticalRequest Tracker Version4.4.0
BestpracticalRequest Tracker Version4.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.84% 0.529
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
Vendor Advisory
http://www.debian.org/security/2017/dsa-3882
Third Party Advisory
http://www.securityfocus.com/bid/99384
Third Party Advisory
VDB Entry