CVE-2011-0046 — Cross-Site Request Forgery in Mozilla Bugzilla

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.8%

top 26.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJan 28

Latest updateMay 3

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla3.2.9+97

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-vxhq-w38v-xx5f: Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3↗2022-05-03

▶

CVEList

CVE-2011-0046: Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3↗2011-01-28

▶