Skip to main content

Bugzilla CVE-2012-0453

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2012-02-25 cve@mitre.org
5.1
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 25, 2012 - 04:21 cve.org
MEDIUM 5.1

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. Affected products include: Mozilla Bugzilla. Version information: through 4.0.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2015-4499 HIGH POC
7.5 Sep 14

Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long

CVE-2013-1734 MEDIUM POC
6.8 Oct 24

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x a

CVE-2013-1733 MEDIUM POC
6.8 Oct 24

Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attacker

CVE-2012-0440 MEDIUM POC
5.1 Feb 02

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x

CVE-2012-4197 MEDIUM POC
5.0 Nov 16

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and

CVE-2019-1003066 HIGH
8.8 Apr 04

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they

CVE-2015-8508 MEDIUM POC
4.7 Jan 03

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x a

CVE-2013-1743 MEDIUM POC
4.3 Oct 24

Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and

CVE-2013-1742 MEDIUM POC
4.3 Oct 24

Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11;

CVE-2012-4189 MEDIUM POC
4.3 Nov 16

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, al

CVE-2012-0448 MEDIUM POC
4.0 Feb 02

Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x befo

CVE-2015-8509 LOW POC
3.5 Jan 03

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2

Share

CVE-2012-0453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy