CVE-2009-1213

high

Description

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

References

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/49524

https://bugzilla.mozilla.org/show_bug.cgi?id=476603

http://www.vupen.com/english/advisories/2009/0887

http://www.securityfocus.com/bid/34308

http://www.bugzilla.org/security/3.2.2/

http://secunia.com/advisories/34624

http://secunia.com/advisories/34547

http://secunia.com/advisories/34545

Details

Source: Mitre, NVD

Published: 2009-04-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics