CVE-2024-12123 · CVEKit

cve.orgen

397 chars

A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts.

NVDen

397 chars

A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts.

NVDes

415 chars

Se identificó una vulnerabilidad de manipulación de campos ocultos en la versión 17.1 de Issuetrak que podría ser activada por un usuario autenticado. Cuando un usuario autenticado envía un ticket, la solicitud puede ser interceptada y posteriormente modificada mediante un proxy. El solicitante del ticket puede cambiar de solicitante original a otro usuario en la misma aplicación, que luego la aplicación acepta.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	5.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.0	Secondary	NVD	5.3	—	—