Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability Network Vulnerability

Summary

Bugzilla is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to submit attachments in the context of the logged-in user. This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4.

Solution

The vendor released updates to address this issue. Please see http://www.bugzilla.org/ for more information.

References

http://www.securityfocus.com/bid/34308

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1213
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Tiles Multiple XSS Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities