CVE-2011-1685
Published: 22 April 2011
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker3.8 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(3.8.7-1ubuntu2.2)
|
|
maverick |
Released
(3.8.8-4ubuntu0.1)
|
|
natty |
Released
(3.8.10-1)
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(3.8.10)
|