Bugzilla Command Validation Flaws Permit Cross-Site Request Forgery Attacks
SecurityTracker Alert ID: 1021670 |
|
SecurityTracker URL: http://securitytracker.com/id/1021670
CVE Reference:
GENERIC-MAP-NOMATCH
Date: Feb 4 2009
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): versions prior to 2.22.7, 3.0.7, 3.2.1, 3.3.2
Description:
A vulnerability was reported in Bugzilla. A remote user can conduct cross-site request forgery (CSRF) attacks against users who are logged in to a Bugzilla installation.
Requests to the 'process_bug.cgi' script are not validated against a per-session token. A remote user can create a specially crafted HTML page that, when loaded by a target user whose browser holds a valid Bugzilla login cookie, will cause the browser to submit 'process_bug.cgi' requests that modify bugs with the target user's privileges. The target user need not interact with the page; an auto-submitting form is sufficient.
Requests for deleting saved searches, keywords, or unused flags, and requests for updating preferences, are likewise not validated against a token and can be triggered by a plain URL. A remote user can create a specially crafted URL (for example, embedded as a link or image source) that, when loaded by a target user who is logged in, will cause those actions to be performed by the target user's browser.
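The following is an added example, not code from Bugzilla or from the advisory, showing the two request patterns described above and the synchronizer-token check that defeats them. The script name, the parameter names ('id', 'short_desc', 'name', 'token'), the session identifiers and the "timestamp:HMAC" token format are assumptions for illustration; the token binds to both the session and the action, so a token minted in the attacker's own session, or for a different operation, is rejected, and state-changing GET requests are refused outright to close the crafted-URL variant.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Per-site secret; in a real deployment it lives outside source control (assumed value here).
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_LIFETIME = 3 * 3600   # seconds a token stays valid (assumed policy)

@dataclass
class Request:
    method: str                               # "GET" or "POST"
    params: dict = field(default_factory=dict)
    session_id: str = ""                      # from the login cookie the browser attaches automatically

def issue_token(session_id: str, action: str, now: Optional[int] = None) -> str:
    """Synchronizer token: HMAC over (timestamp, session, action) under the server secret."""
    ts = int(time.time() if now is None else now)
    mac = hmac.new(SERVER_SECRET, f"{ts}:{session_id}:{action}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"

def check_token(token: Optional[str], session_id: str, action: str, now: Optional[int] = None) -> bool:
    """Constant-time verification plus an expiry window."""
    if not token or ":" not in token:
        return False
    ts_str, mac = token.split(":", 1)
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    current = int(time.time() if now is None else now)
    if current - ts > TOKEN_LIFETIME or ts > current + 60:
        return False
    expected = hmac.new(SERVER_SECRET, f"{ts}:{session_id}:{action}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)

def csrf_guard(req: Request, action: str) -> Optional[str]:
    """Returns a rejection reason, or None if the state change may proceed."""
    if not req.session_id:
        return "login required"
    if req.method != "POST":
        # A bare link or <img src=...> can only send GET, so refusing GET closes the crafted-URL case.
        return "rejected: state-changing requests must use POST"
    if not check_token(req.params.get("token"), req.session_id, action):
        return "rejected: missing or invalid token"
    return None

def process_bug(req: Request, bugs: dict, protected: bool) -> str:
    """protected=False models the pre-fix script: the session cookie alone authorizes the change."""
    bug_id = req.params.get("id")
    if bug_id not in bugs:
        return "no such bug"
    if protected:
        reason = csrf_guard(req, f"edit_bug:{bug_id}")
        if reason:
            return reason
    elif not req.session_id:
        return "login required"
    bugs[bug_id]["short_desc"] = req.params.get("short_desc", bugs[bug_id]["short_desc"])
    return "changes committed"

def delete_saved_search(req: Request, searches: set, protected: bool) -> str:
    """Same guard applied to the GET-triggered deletions the advisory names."""
    name = req.params.get("name")
    if protected:
        reason = csrf_guard(req, f"delete_search:{name}")
        if reason:
            return reason
    elif not req.session_id:
        return "login required"
    searches.discard(name)
    return "deleted"

def demo() -> dict:
    """Plays the forged requests against both versions; returns the outcomes."""
    victim = "sess-victim-1234"                 # constructed session id
    bugs = {"1": {"short_desc": "Original summary"}}
    searches = {"my open bugs"}
    # What the victim's browser sends after an attacker page auto-submits a hidden form.
    forged = Request("POST", {"id": "1", "short_desc": "pwned"}, session_id=victim)
    # Attacker pastes a token minted in their own session into the forged form.
    foreign = Request("POST", {"id": "1", "short_desc": "pwned",
                               "token": issue_token("sess-attacker", "edit_bug:1")}, session_id=victim)
    # Crafted URL (GET) deleting a saved search.
    forged_get = Request("GET", {"name": "my open bugs"}, session_id=victim)
    # Legitimate edit: the token came from a form the server rendered to this session.
    legit = Request("POST", {"id": "1", "short_desc": "Fixed summary",
                             "token": issue_token(victim, "edit_bug:1")}, session_id=victim)
    return {
        "vuln_forged": process_bug(forged, {"1": dict(bugs["1"])}, protected=False),
        "hard_forged": process_bug(forged, bugs, protected=True),
        "hard_foreign_token": process_bug(foreign, bugs, protected=True),
        "hard_get_delete": delete_saved_search(forged_get, searches, protected=True),
        "hard_legit": process_bug(legit, bugs, protected=True),
        "final_desc": bugs["1"]["short_desc"],
        "search_kept": "my open bugs" in searches,
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The unprotected handler commits the forged change on the strength of the cookie alone, which is exactly the condition the advisory describes; the protected handler rejects the same request, the attacker-supplied token and the GET deletion, while the legitimate edit still goes through.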
Impact:
A remote user can cause Bugzilla actions to be performed with the privileges of a logged-in target user, including modifying bugs, deleting saved searches, keywords or unused flags, and changing preferences.
Solution:
The vendor has issued a fix (2.22.7, 3.0.7, 3.2.1, 3.3.2).
A fix for the 'process_bug.cgi' vulnerability is only available in 3.2.1 and 3.3.2; 2.22.7 and 3.0.7 address the crafted-URL (saved search, keyword, flag and preference) issues only, so installations on the 2.22.x and 3.0.x branches remain exposed to the 'process_bug.cgi' CSRF until they move to 3.2.1 or later.
The vendor's advisory is available at:
http://www.bugzilla.org/security/2.22.6/
Vendor URL: www.bugzilla.org/security/2.22.6/
Cause:
Access control error
Underlying OS:
Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Tue, 3 Feb 2009 23:23:10 -0500
Subject: Bugzilla
http://www.bugzilla.org/security/2.22.6/