CVE-2024-12123: Unauthorized Modification of Ticket Requester

5.3 CVSS

Description

A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.

When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application,
which the application then accepts.

Classification

CVE ID: CVE-2024-12123

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: Issuetrak

Product: Issuetrak

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

Timeline

2024-12-05 00:32:15 UTC
CVE

Unauthorized Modification of Ticket Requester