QwikSec

Security Database

CVE

CWE

Training

CVE-2011-0046

Published: Jan 28, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=621105

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

https://bugzilla.mozilla.org/show_bug.cgi?id=621090

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

http://www.bugzilla.org/security/3.2.9/

x_refsource_CONFIRM

FEDORA-2011-0741

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_VUPEN

https://bugzilla.mozilla.org/show_bug.cgi?id=621109

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.mozilla.org/show_bug.cgi?id=621107

x_refsource_CONFIRM

bugzilla-unspec-csrf(65003)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_VUPEN

FEDORA-2011-0755

vendor-advisory

x_refsource_FEDORA

https://bugzilla.mozilla.org/show_bug.cgi?id=621110

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_OSVDB

https://bugzilla.mozilla.org/show_bug.cgi?id=621108

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.