CVE-2011-0046

Name of the Vulnerable Software and Affected Versions Bugzilla versions prior to 3.2.10 Bugzilla versions 3.4.x prior to 3.4.10 Bugzilla versions 3.6.x prior to 3.6.4 Bugzilla versions 4.0.x prior to 4.0rc2

Description The issue allows remote attackers to hijack the authentication of arbitrary users for various requests, including adding a saved search in "buglist.cgi", voting in "votes.cgi", sanity checking in "sanitycheck.cgi", creating or editing a chart in "chart.cgi", column changing in "colchange.cgi", and adding, deleting, or approving a quip in "quips.cgi".

Recommendations For versions prior to 3.2.10, update to version 3.2.10 or later. For versions 3.4.x prior to 3.4.10, update to version 3.4.10 or later. For versions 3.6.x prior to 3.6.4, update to version 3.6.4 or later. For versions 4.0.x prior to 4.0rc2, update to version 4.0rc2 or later.