CVE-2009-0485 โ€” Cross-Site Request Forgery in Mozilla Bugzilla

CWE-352 โ€” Cross-Site Request Forgery7 documents5 sources
Severity
5.8MEDIUMNVD
EPSS
0.4%
top 38.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedFeb 9
Latest updateMay 2

Description

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

โ–ถNVDmozilla/bugzilla45 versions+44

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-xxpv-mm3c-74x5: Cross-site request forgery (CSRF) vulnerability in Bugzilla 2โ†—2022-05-02
โ–ถ
CVEList
CVE-2009-0485: Cross-site request forgery (CSRF) vulnerability in Bugzilla 2โ†—2009-02-09
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
bugzilla: CSRF vuln via editflagtypes.cgiโ†—2009-02-09
โ–ถ

๐Ÿ’ฌCommunity

3
Bugzilla
CVE-2009-0485 bugzilla: CSRF vuln via editflagtypes.cgiโ†—2009-02-10
โ–ถ
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]โ†—2009-02-09
โ–ถ
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]โ†—2009-02-09
โ–ถ
CVE-2009-0485 โ€” Cross-Site Request Forgery in Mozilla | cvebase