CVE-2014-1517 (retired)

Priority
Description
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before
4.5.3 does not properly handle a correctly authenticated but unintended
login attempt, which makes it easier for remote authenticated users to
obtain sensitive information by arranging for a victim to login to the
attacker's account and then submit a vulnerability report, related to a
"login CSRF" issue.
Package
Upstream:released (4.4.3, 4.5.3)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:12:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)