CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
71.5%
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in
Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows
remote attackers to hijack the authentication of arbitrary users for
requests that use attachment editing.