CVE-2011-2085
EPSS 0.29%
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
How to fix CVE-2011-2085
To remediate CVE-2011-2085, upgrade the affected package to the fixed version listed below.
- Debian/request-tracker4: upgrade to 4.0.5-3 or later
Is CVE-2011-2085 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/request-tracker4: from 0, < 4.0.5-3