CVE-2009-0482 — Cross-Site Request Forgery in Mozilla Bugzilla

Severity
5.8 MEDIUM (NVD)
EPSS
0.3%
top 49.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 9
Latest update: May 2

Description

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.

CVSS vector

AV:N/AC:M/C:N/I:P/A:P
Exploitability: 8.6 | Impact: 4.9

Affected Packages: 1 package

NVD: mozilla/bugzilla (69 versions)

🔴 Vulnerability Details (2)

GHSA, 2022-05-02: GHSA-q7v7-wgvv-h4x9: Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3
CVEList, 2009-02-09: CVE-2009-0482: Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3

📋 Vendor Advisories (1)

Red Hat, 2009-02-09: bugzilla: CSRF vuln via process_bug.cgi

💬 Community (4)

Bugzilla, 2009-02-10: CVE-2009-0482 bugzilla: CSRF vuln via process_bug.cgi
Bugzilla, 2009-02-09: CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
Bugzilla, 2009-02-09: CVE-2008-4437 CVE-2008-6098 CVE-2008-048[13456] bugzilla: multiple issues [Fdevel]
Bugzilla, 2009-02-09: CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]