CVE-2011-3669

2012-01-02T19:55:00
ID CVE-2011-3669
Type cve
Reporter cve@mitre.org
Modified 2012-02-02T04:07:00

Description

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.