CVE-2009-1213

Sažetak

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

Reference

http://secunia.com/advisories/34545
http://secunia.com/advisories/34547
http://secunia.com/advisories/34624
http://www.bugzilla.org/security/3.2.2/
http://www.securityfocus.com/bid/34308
http://www.vupen.com/english/advisories/2009/0887
https://bugzilla.mozilla.org/show_bug.cgi?id=476603
https://exchange.xforce.ibmcloud.com/vulnerabilities/49524
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:30

Objavljeno

01-04-2009 - 10:30