Vulnerabilities > Bestpractical > RT > 4.0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-11 | CVE-2012-4732 | Cross-Site Request Forgery (CSRF) vulnerability in Bestpractical RT Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. | 6.8 |
| 2012-11-11 | CVE-2012-4730 | Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | 3.5 |