Candidate: CVE-2017-5943
PublicDate: 2017-07-03 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5943
Description:
 Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_request-tracker4:
upstream_request-tracker4: released (4.4.1-4)
precise/esm_request-tracker4: DNE
trusty_request-tracker4: ignored (reached end-of-life)
trusty/esm_request-tracker4: DNE (trusty was needed)
vivid/ubuntu-core_request-tracker4: DNE
xenial_request-tracker4: ignored (end of standard support, was needed)
yakkety_request-tracker4: ignored (reached end-of-life)
zesty_request-tracker4: released (4.4.1-3+deb9u2build0.17.04.1)
artful_request-tracker4: not-affected (4.4.1-4)
bionic_request-tracker4: not-affected (4.4.1-4)
cosmic_request-tracker4: not-affected (4.4.1-4)
disco_request-tracker4: not-affected (4.4.1-4)
eoan_request-tracker4: not-affected (4.4.1-4)
focal_request-tracker4: not-affected (4.4.1-4)
groovy_request-tracker4: not-affected (4.4.1-4)
hirsute_request-tracker4: not-affected (4.4.1-4)
impish_request-tracker4: not-affected (4.4.1-4)
jammy_request-tracker4: not-affected (4.4.1-4)
devel_request-tracker4: not-affected (4.4.1-4)