{"id":"CVE-2012-4734","details":"Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a \"confused deputy\" attack to bypass the CSRF warning protection mechanism and cause victims to \"modify arbitrary state\" via unknown vectors related to a crafted link.","modified":"2026-04-10T03:42:30.125056Z","published":"2012-11-11T13:00:59Z","references":[{"type":"ADVISORY","url":"http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"},{"type":"WEB","url":"http://osvdb.org/86709"}],"schema_version":"1.7.5"}