Bugzilla Multiple Vulnerabilities Network Vulnerability

Summary

Bugzilla is prone to the following vulnerabilities: 1. A security-bypass issue. 2. Multiple cross-site scripting vulnerabilities. 3. Multiple cross-site request-forgery vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials or perform certain administrative actions and perform actions in the vulnerable application in the context of the victim. The following versions are vulnerable: 3.1.x versions prior to 3.2.10 3.2.x versions prior to 3.4.10 3.3.x versions prior to 3.6.4 4.x versions prior to 4.0rc2

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.bugzilla.org/security/3.2.9/
https://www.securityfocus.com/bid/45982

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4567, CVE-2010-4568, CVE-2010-4569, CVE-2010-4570, CVE-2011-0046, CVE-2011-0048
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Arkeia Appliance Multiple Vulnerabilities
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
admin.cgi overflow
ActivePerl perlIS.dll Buffer Overflow
AproxEngine Multiple Remote Input Validation Vulnerabilities

Take action and discover your vulnerabilities