Summary
Bugzilla is prone to the following vulnerabilities:
1. A security-bypass issue.
2. Multiple cross-site scripting vulnerabilities.
3. Multiple cross-site request-forgery vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, or perform certain administrative and other actions in the vulnerable application in the context of the victim.
The following versions are vulnerable:
3.1.x versions prior to 3.2.10
3.2.x versions prior to 3.4.10
3.3.x versions prior to 3.6.4
4.x versions prior to 4.0rc2
Solution
Vendor updates are available. Please see the references for more information.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-4567, CVE-2010-4568, CVE-2010-4569, CVE-2010-4570, CVE-2011-0046, CVE-2011-0048
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P