PT-2013-3364 · Mozilla · Bugzilla

Mateusz Goik

Published

2013-10-24

Updated

2014-05-02

CVE-2013-1733

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Bugzilla versions 4.4.x through 4.4.0

Description A cross-site request forgery issue exists, allowing remote attackers to hijack user authentication for modifying bugs. This is achieved through vectors involving a midair-collision token.

Recommendations For Bugzilla versions 4.4.x through 4.4.0, update to version 4.4.1 or later to resolve the issue.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2013-1733

MGASA-2014-0199

Affected Products

Bugzilla

PT-2013-3364 · Mozilla · Bugzilla

CVE-2013-1733

Weakness Enumeration

Related Identifiers

Affected Products

References · 11