PT-2014-4217 · Mozilla · Bugzilla

Published: 2014-04-20 · Updated: 2016-04-04 · CVE-2014-1517

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bugzilla versions 2.x through 4.4.2
Bugzilla versions 4.5.x prior to 4.5.3

Description

The issue is a "login CSRF" problem: the login form does not properly handle a correctly authenticated but unintended login attempt. This makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then submit a vulnerability report.

Recommendations

For Bugzilla versions 2.x through 4.4.2, update to version 4.4.3 or later.
For Bugzilla versions 4.5.x prior to 4.5.3, update to version 4.5.3 or later.
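
The general defence against login CSRF, as an added example that is not Bugzilla's code or its actual patch: the login form carries a token bound to a pre-session cookie, and a login POST is refused unless the two match. All names (SERVER_KEY, USERS, issue_login_form, handle_login, forged_cross_site_login) and the sample account are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the demo)
USERS = {"attacker@example.com": "correct horse"}  # toy store; real code checks a password hash


def _token_for(cookie):
    # The form token is an HMAC of the pre-session cookie, so it only fits that browser.
    return hmac.new(SERVER_KEY, cookie.encode(), hashlib.sha256).hexdigest()


def issue_login_form():
    """Serve the login page: return (pre-session cookie, hidden form token)."""
    cookie = secrets.token_urlsafe(32)
    return cookie, _token_for(cookie)


def handle_login(user, password, cookie, form_token, require_token=True):
    """Return 'ok' when a session may be created, otherwise the rejection reason."""
    if require_token:
        if not cookie or not form_token:
            return "rejected: missing login token"
        if not hmac.compare_digest(_token_for(cookie).encode(), form_token.encode()):
            return "rejected: login token mismatch"
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return "rejected: bad credentials"
    return "ok"


def forged_cross_site_login(require_token):
    """Constructed scenario from the description: the victim's browser submits the
    attacker's valid credentials, with a token taken from the attacker's own form."""
    _, attacker_token = issue_login_form()   # bound to the attacker's cookie
    victim_cookie, _ = issue_login_form()    # cookie actually held by the victim's browser
    return handle_login("attacker@example.com", "correct horse",
                        victim_cookie, attacker_token, require_token)


if __name__ == "__main__":
    print("no token check :", forged_cross_site_login(require_token=False))
    print("token enforced :", forged_cross_site_login(require_token=True))
```

Valid credentials alone are not enough once the token is enforced, which is the property the vulnerable login form lacked.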

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2014-1517
MGASA-2014-0199
MGASA-2014-0200

Affected Products

Bugzilla