CVE-2010-4568

critical

Description

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65001

https://bugzilla.mozilla.org/show_bug.cgi?id=621591

https://bugzilla.mozilla.org/show_bug.cgi?id=619594

https://bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff

http://www.vupen.com/english/advisories/2011/0271

http://www.vupen.com/english/advisories/2011/0207

http://www.securityfocus.com/bid/45982

http://www.debian.org/security/2011/dsa-2322

http://www.bugzilla.org/security/3.2.9/

http://secunia.com/advisories/43165

http://secunia.com/advisories/43033

http://osvdb.org/70700

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

Details

Source: Mitre, NVD

Published: 2011-01-28

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical