Detections
Analytics
RT: Request Tracker 'ShowConfigTab' Security Bypass
medium Nessus Network Monitor Plugin ID 5078
Synopsis
The remote host is running a web application that is affected by a security bypass vulnerability.Description
The remote host is running RT: Request Tracker, an enterprise-grade ticketing system. The version detected is affected by a security bypass vulnerability because the 'ShowConfigTab' right unintentionally enabled users to edit global RT at a Glance. An attacker could exploit this to edit the application's configuration.Solution
Upgrade to RT 3.6.8 / 3.8.4See Also
http://lists.bestpractical.com/pipermail/rt-announce/2009-June/000170.html