Lucene search

K
nvd[email protected]NVD:CVE-2009-1213
HistoryApr 01, 2009 - 10:30 a.m.

CVE-2009-1213

2009-04-0110:30:00
CWE-352
web.nvd.nist.gov
5

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

71.5%

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

Affected configurations

Nvd
Node
mozillabugzillaMatch3.2
OR
mozillabugzillaMatch3.2rc1
OR
mozillabugzillaMatch3.2rc2
OR
mozillabugzillaMatch3.2.1
OR
mozillabugzillaMatch3.2.2
OR
mozillabugzillaMatch3.3
OR
mozillabugzillaMatch3.3.1
OR
mozillabugzillaMatch3.3.2
OR
mozillabugzillaMatch3.3.3
VendorProductVersionCPE
mozillabugzilla3.2cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*
mozillabugzilla3.2cpe:2.3:a:mozilla:bugzilla:3.2:rc1:*:*:*:*:*:*
mozillabugzilla3.2cpe:2.3:a:mozilla:bugzilla:3.2:rc2:*:*:*:*:*:*
mozillabugzilla3.2.1cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*
mozillabugzilla3.2.2cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*
mozillabugzilla3.3cpe:2.3:a:mozilla:bugzilla:3.3:*:*:*:*:*:*:*
mozillabugzilla3.3.1cpe:2.3:a:mozilla:bugzilla:3.3.1:*:*:*:*:*:*:*
mozillabugzilla3.3.2cpe:2.3:a:mozilla:bugzilla:3.3.2:*:*:*:*:*:*:*
mozillabugzilla3.3.3cpe:2.3:a:mozilla:bugzilla:3.3.3:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

71.5%