Launchpad.net

CVE 2011-0046

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Related bugs and status

CVE-2011-0046 (Candidate) is related to these bugs:

Bug #737760: Several security vulnerabilities

Summary				In	Importance	Status
	737760	Several security vulnerabilities		bugzilla (Ubuntu)	High	Fix Released
	737760	Several security vulnerabilities		bugzilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.bugzilla.or...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://bugzilla.mozil...
BID: 45982
SECUNIA: 43033
VUPEN: ADV-2011-0207
OSVDB: 70705
OSVDB: 70706
OSVDB: 70707
OSVDB: 70708
OSVDB: 70709
OSVDB: 70710
FEDORA: FEDORA-2011-0741
FEDORA: FEDORA-2011-0755
SECUNIA: 43165
VUPEN: ADV-2011-0271
DEBIAN: DSA-2322
XF: bugzilla-unspec-csrf(6...