CVE-2012-0453 — Cross-Site Request Forgery in Mozilla Bugzilla

CWE-352 — Cross-Site Request Forgery5 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

0.2%

top 60.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedFeb 25

Latest updateMay 4

Description

Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla7 versions+6

Patches

Patch: www.bugzilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: www.bugzilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-f2mp-4h2c-6v7m: Cross-site request forgery (CSRF) vulnerability in xmlrpc↗2022-05-04

▶

CVEList

CVE-2012-0453: Cross-site request forgery (CSRF) vulnerability in xmlrpc↗2012-02-25

▶

💬Community

Bugzilla

CVE-2012-0453 bugzilla: CSRF fixed in 4.0.5, 4.2↗2012-02-24

▶

Bugzilla

CVE-2012-0453 bugzilla: CSRF fixed in 4.0.5, 4.2 [fedora-all]↗2012-02-24

▶