CVE-2006-5455 — Mozilla Bugzilla vulnerability

4 documents4 sources

Severity

2.6LOWNVD

EPSS

1.3%

top 20.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedOct 23

Latest updateMay 1

Description

Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla2.22.1+3

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-hggx-9v6q-gj73: Cross-site request forgery (CSRF) vulnerability in editversions↗2022-05-01

▶

CVEList

CVE-2006-5455: Cross-site request forgery (CSRF) vulnerability in editversions↗2006-10-23

▶

💬Community

Bugzilla

CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities↗2006-10-26

▶