PT-2019-10958 · Mozilla · Bugzilla

Holger Fuhrmannek

Published

2018-03-19

Updated

2019-05-08

CVE-2018-5123

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Bugzilla versions prior to 4.4

Description: A security issue allows a third-party website to access restricted information available to a user through the image generation feature in the report.cgi module.

Recommendations: For versions prior to 4.4, update to version 4.4 or later to resolve the issue.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-5123

MGASA-2018-0173

Affected Products

Bugzilla

PT-2019-10958 · Mozilla · Bugzilla

CVE-2018-5123

Weakness Enumeration

Related Identifiers

Affected Products

References · 9