Primary

Context

Request Tracker Cross-Site Request Forgery Vulnerability

Vulnerability

Patched

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Request Tracker (RT) versions 6.0.0 prior to 6.0.3. This vulnerability allows an attacker to induce a logged-in user to visit a malicious web page, which can then trigger arbitrary state-changing actions in RT on behalf of the user.

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery, where an attacker can perform actions on behalf of a user without their consent.

Remediation

Users are advised to upgrade to RT version 6.0.3, which addresses this vulnerability.

Added: May 26, 2026, 2:30 PM

Updated: May 26, 2026, 2:30 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.8

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.6

exploitability

5.8

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Request Tracker Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Best Practical RT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating