Описание
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | not-affected | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | 3.6.3.0-2 |
| upstream | not-affected | 3.6.2.0-4.5 |
Показывать по
Ссылки на источники
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzi ...
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
EPSS
5.1 Medium
CVSS2