CVE-2011-3669

Priority
Medium
Description
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in
Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack
the authentication of arbitrary users for requests that upload attachments.
References
Bugs
Package
Upstream:released (4.2rc1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:47 UTC (commit 7585)