CVE-2014-1517

CWE-287 — Improper Authentication6 documents4 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 39.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Mozilla Bugzilla

Timeline

PublishedApr 20

Latest updateMay 17

Description

The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla182 versions+181

Also affects: Fedora 19, 20

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-h84p-rcw9-4mc8: The login form in Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2014-1517: The login form in Bugzilla 2↗2014-04-20

▶

💬Community

Bugzilla

CVE-2014-1517 bugzilla: flaws fixed in upstream releases 4.5.3, 4.4.3, 4.2.8, and 4.0.12 [fedora-all]↗2014-04-22

▶

Bugzilla

CVE-2014-1517 bugzilla: flaws fixed in upstream releases 4.5.3, 4.4.3, 4.2.8, and 4.0.12 [epel-all]↗2014-04-22

▶

Bugzilla

CVE-2014-1517 bugzilla: flaws fixed in upstream releases 4.5.3, 4.4.3, 4.2.8, and 4.0.12↗2014-04-22

▶