Lucene search

K
cveMitreCVE-2011-0046
HistoryJan 28, 2011 - 4:00 p.m.

CVE-2011-0046

2011-01-2816:00:02
CWE-352
mitre
web.nvd.nist.gov
43
cve-2011-0046
bugzilla
csrf
cross-site request forgery
vulnerability
remote attackers
authentication

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

72.8%

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Affected configurations

Nvd
Node
mozillabugzillaRange3.2.9
OR
mozillabugzillaMatch2.0
OR
mozillabugzillaMatch2.2
OR
mozillabugzillaMatch2.4
OR
mozillabugzillaMatch2.6
OR
mozillabugzillaMatch2.8
OR
mozillabugzillaMatch2.9
OR
mozillabugzillaMatch2.10
OR
mozillabugzillaMatch2.12
OR
mozillabugzillaMatch2.14
OR
mozillabugzillaMatch2.14.1
OR
mozillabugzillaMatch2.14.2
OR
mozillabugzillaMatch2.14.3
OR
mozillabugzillaMatch2.14.4
OR
mozillabugzillaMatch2.14.5
OR
mozillabugzillaMatch2.16
OR
mozillabugzillaMatch2.16rc1
OR
mozillabugzillaMatch2.16rc2
OR
mozillabugzillaMatch2.16.1
OR
mozillabugzillaMatch2.16.2
OR
mozillabugzillaMatch2.16.3
OR
mozillabugzillaMatch2.16.4
OR
mozillabugzillaMatch2.16.5
OR
mozillabugzillaMatch2.16.6
OR
mozillabugzillaMatch2.16.7
OR
mozillabugzillaMatch2.16.8
OR
mozillabugzillaMatch2.16.9
OR
mozillabugzillaMatch2.16.10
OR
mozillabugzillaMatch2.16.11
OR
mozillabugzillaMatch2.16_rc2
OR
mozillabugzillaMatch2.17
OR
mozillabugzillaMatch2.17.1
OR
mozillabugzillaMatch2.17.2
OR
mozillabugzillaMatch2.17.3
OR
mozillabugzillaMatch2.17.4
OR
mozillabugzillaMatch2.17.5
OR
mozillabugzillaMatch2.17.6
OR
mozillabugzillaMatch2.17.7
OR
mozillabugzillaMatch2.18
OR
mozillabugzillaMatch2.18rc1
OR
mozillabugzillaMatch2.18rc2
OR
mozillabugzillaMatch2.18rc3
OR
mozillabugzillaMatch2.18.1
OR
mozillabugzillaMatch2.18.2
OR
mozillabugzillaMatch2.18.3
OR
mozillabugzillaMatch2.18.4
OR
mozillabugzillaMatch2.18.5
OR
mozillabugzillaMatch2.18.6
OR
mozillabugzillaMatch2.18.6\+
OR
mozillabugzillaMatch2.18.7
OR
mozillabugzillaMatch2.18.8
OR
mozillabugzillaMatch2.18.9
OR
mozillabugzillaMatch2.19
OR
mozillabugzillaMatch2.19.1
OR
mozillabugzillaMatch2.19.2
OR
mozillabugzillaMatch2.19.3
OR
mozillabugzillaMatch2.20
OR
mozillabugzillaMatch2.20rc1
OR
mozillabugzillaMatch2.20rc2
OR
mozillabugzillaMatch2.20.1
OR
mozillabugzillaMatch2.20.2
OR
mozillabugzillaMatch2.20.3
OR
mozillabugzillaMatch2.20.4
OR
mozillabugzillaMatch2.20.5
OR
mozillabugzillaMatch2.20.6
OR
mozillabugzillaMatch2.20.7
OR
mozillabugzillaMatch2.21
OR
mozillabugzillaMatch2.21.1
OR
mozillabugzillaMatch2.21.2
OR
mozillabugzillaMatch2.22
OR
mozillabugzillaMatch2.22rc1
OR
mozillabugzillaMatch2.22.1
OR
mozillabugzillaMatch2.22.2
OR
mozillabugzillaMatch2.22.3
OR
mozillabugzillaMatch2.22.4
OR
mozillabugzillaMatch2.22.5
OR
mozillabugzillaMatch2.22.6
OR
mozillabugzillaMatch2.22.7
OR
mozillabugzillaMatch2.23
OR
mozillabugzillaMatch2.23.1
OR
mozillabugzillaMatch2.23.2
OR
mozillabugzillaMatch2.23.3
OR
mozillabugzillaMatch2.23.4
OR
mozillabugzillaMatch3.2
OR
mozillabugzillaMatch3.2rc1
OR
mozillabugzillaMatch3.2rc2
OR
mozillabugzillaMatch3.2.1
OR
mozillabugzillaMatch3.2.2
OR
mozillabugzillaMatch3.2.3
OR
mozillabugzillaMatch3.2.4
OR
mozillabugzillaMatch3.2.5
OR
mozillabugzillaMatch3.2.6
OR
mozillabugzillaMatch3.2.7
OR
mozillabugzillaMatch3.2.8
OR
mozillabugzillaMatch3.4.1
OR
mozillabugzillaMatch3.4.2
OR
mozillabugzillaMatch3.4.3
OR
mozillabugzillaMatch3.4.4
OR
mozillabugzillaMatch3.4.5
OR
mozillabugzillaMatch3.4.6
OR
mozillabugzillaMatch3.4.7
OR
mozillabugzillaMatch3.4.8
OR
mozillabugzillaMatch3.4.9
OR
mozillabugzillaMatch3.6.0
OR
mozillabugzillaMatch3.6.1
OR
mozillabugzillaMatch3.6.2
OR
mozillabugzillaMatch3.6.3
OR
mozillabugzillaMatch4.0
OR
mozillabugzillaMatch4.0rc1
VendorProductVersionCPE
mozillabugzilla*cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*
mozillabugzilla2.0cpe:2.3:a:mozilla:bugzilla:2.0:*:*:*:*:*:*:*
mozillabugzilla2.2cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:*
mozillabugzilla2.4cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*
mozillabugzilla2.6cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*
mozillabugzilla2.8cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*
mozillabugzilla2.9cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*
mozillabugzilla2.10cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*
mozillabugzilla2.12cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*
mozillabugzilla2.14cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
Rows per page:
1-10 of 1091

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

72.8%