| Name | CVE-2012-4732 |
| Description | Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-2567-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| request-tracker4 (PTS) | jessie, jessie (lts) | 4.2.8-3+deb8u4 | fixed |
| stretch (security) | 4.4.1-3+deb9u4 | fixed | |
| stretch (lts), stretch | 4.4.1-3+deb9u6 | fixed | |
| buster (security), buster, buster (lts) | 4.4.3-2+deb10u3 | fixed | |
| bullseye (security), bullseye | 4.4.4+dfsg-2+deb11u3 | fixed | |
| bookworm (security), bookworm | 4.4.6+dfsg-1.1+deb12u1 | fixed | |
| sid, trixie | 4.4.7+dfsg-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| request-tracker3.8 | source | squeeze | 3.8.8-7+squeeze6 | DSA-2567-1 | ||
| request-tracker3.8 | source | (unstable) | (unfixed) | |||
| request-tracker4 | source | (unstable) | 4.0.7-2 |