CVE-2011-3669 in Bugzillainfo

Summary

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

09/23/2011

Disclosure

01/02/2012

Moderation

VulDB entry created

Entries

1: VDB-59867

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

6.3

EPSS

0.00128

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-3669
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3669
CVE Details	https://www.cvedetails.com/cve/CVE-2011-3669/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!