7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.1%
Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x
before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not
properly generate random values for cookies and tokens, which allows remote
attackers to obtain access to arbitrary accounts via unspecified vectors,
related to an insufficient number of calls to the srand function.