Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

RT: Request Tracker 'ShowConfigTab' Security Bypass

Medium

Synopsis

The remote host is running a web application that is affected by a security bypass vulnerability.

Description

The remote host is running RT: Request Tracker, an enterprise-grade ticketing system. The version detected is affected by a security bypass vulnerability because the 'ShowConfigTab' right unintentionally enabled users to edit global RT at a Glance. An attacker could exploit this to edit the application's configuration.

Solution

Upgrade to RT 3.6.8 / 3.8.4