CVE-2011-1685 Information
Description
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Reference
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
http://secunia.com/advisories/44189
http://www.debian.org/security/2011/dsa-2220
http://www.securityfocus.com/bid/47383
http://www.vupen.com/english/advisories/2011/1071
https://bugzilla.redhat.com/show_bug.cgi?id=696795
https://exchange.xforce.ibmcloud.com/vulnerabilities/66791