RT: Request Tracker 'ShowConfigTab' Security Bypass
Medium Nessus Network Monitor Plugin ID 5078
SynopsisThe remote host is running a web application that is affected by a security bypass vulnerability.
DescriptionThe remote host is running RT: Request Tracker, an enterprise-grade ticketing system. The version detected is affected by a security bypass vulnerability because the 'ShowConfigTab' right unintentionally enabled users to edit global RT at a Glance. An attacker could exploit this to edit the application's configuration.
SolutionUpgrade to RT 3.6.8 / 3.8.4