CVE-2010-4568 — Mozilla Bugzilla vulnerability

CWE-2643 documents3 sources

Severity

7.5HIGHNVD

EPSS

2.2%

top 15.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJan 28

Latest updateMay 17

Description

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla99 versions+98

🔴Vulnerability Details

GHSA

GHSA-qrp2-qxjh-p3w7: Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2010-4568: Bugzilla 2↗2011-01-28

▶