Summary
Bugzilla is prone to a cross-site request forgery (CSRF) vulnerability.
An attacker can exploit this issue to submit attachments in the context of the logged-in user.
This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4.
Solution
The vendor released updates to address this issue. Please see http://www.bugzilla.org/ for more information.
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-1213
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P