Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-1213
HistoryApr 01, 2009 - 12:00 a.m.

CVE-2009-1213

2009-04-0100:00:00
ubuntu.com
ubuntu.com
15

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.003

Percentile

71.5%

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in
Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows
remote attackers to hijack the authentication of arbitrary users for
requests that use attachment editing.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.003

Percentile

71.5%