Netfuzzerr

#20909 of 53,608
11.9 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2012-2562
5.1
2012-02-02
Mozilla · Bugzilla · CVE-2012-0440
**Name of the Vulnerable Software and Affected Versions**

Bugzilla versions 3.5.x through 3.6.7
Bugzilla versions 3.7.x through 4.0.3
Bugzilla versions 4.1.x through 4.2rc1

**Description**

A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

**Recommendations**

For Bugzilla versions 3.5.x through 3.6.7, update to version 3.6.8 or later.
For Bugzilla versions 3.7.x through 4.0.3, update to version 4.0.4 or later.
For Bugzilla versions 4.1.x through 4.2rc1, update to version 4.2rc2 or later.
PT-2012-1732
6.8
2012-01-02
Mozilla · Bugzilla · CVE-2011-3668
**Name of the Vulnerable Software and Affected Versions**

Bugzilla versions 2.x through 4.x before 4.2rc1

**Description**

A cross-site request forgery issue allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.

**Recommendations**

For Bugzilla versions 2.x through 4.x before 4.2rc1, update to version 4.2rc1 or later to resolve the issue.