CVE-2024-12123
Dec. 4, 2024, 4:15 a.m.
None
No Score
Description
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.
When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts.
Product(s) Impacted
Product | Versions |
---|---|
Issuetrak | |
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-472
External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
Timeline
Published: Dec. 4, 2024, 4:15 a.m.
Last Modified: Dec. 4, 2024, 4:15 a.m.
Status: Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
Source
b7efe717-a805-47cf-8e9a-921fca0ce0ce
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.