CVE-2011-2085 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.

Reference

http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660