icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

RT: Request Tracker 'ShowConfigTab' Security Bypass

Medium

Synopsis

The remote host is running a web application that is affected by a security bypass vulnerability.

Description

The remote host is running RT: Request Tracker, an enterprise-grade ticketing system. The version detected is affected by a security bypass vulnerability because the 'ShowConfigTab' right unintentionally enabled users to edit global RT at a Glance. An attacker could exploit this to edit the application's configuration.

Solution

Upgrade to RT 3.6.8 / 3.8.4