CVE-2012-0453

Name of the Vulnerable Software and Affected Versions Bugzilla versions 4.0.2 through 4.0.4 Bugzilla versions 4.1.1 through 4.2rc2

Description A cross-site request forgery issue affects the xmlrpc.cgi component in Bugzilla when mod perl is used. This allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.

Recommendations For Bugzilla versions 4.0.2 through 4.0.4, update to a version outside of this range to resolve the issue. For Bugzilla versions 4.1.1 through 4.2rc2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the xmlrpc.cgi component until a patch is available.