CVE-2012-0440

EUVD-2012-0472
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
mozillabugzilla
3.6
mozillabugzilla
3.6:rc1
mozillabugzilla
3.6.0
mozillabugzilla
3.6.1
mozillabugzilla
3.6.2
mozillabugzilla
3.6.3
mozillabugzilla
3.6.4
mozillabugzilla
3.6.5
mozillabugzilla
3.6.6
mozillabugzilla
3.6.7
mozillabugzilla
3.7
mozillabugzilla
3.7.1
mozillabugzilla
3.7.2
mozillabugzilla
3.7.3
mozillabugzilla
4.0
mozillabugzilla
4.0:rc1
mozillabugzilla
4.0:rc2
mozillabugzilla
4.0.1
mozillabugzilla
4.0.2
mozillabugzilla
4.0.3
mozillabugzilla
3.5
mozillabugzilla
3.5.1
mozillabugzilla
3.5.2
mozillabugzilla
3.5.3
mozillabugzilla
4.1
mozillabugzilla
4.1.1
mozillabugzilla
4.1.2
mozillabugzilla
4.1.3
mozillabugzilla
4.2:rc1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
hardy
ignored
lucid
not-affected
maverick
ignored
natty
ignored
oneiric
ignored
precise
dne
quantal
dne
raring
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/47814
http://www.bugzilla.org/security/3.4.13/
http://www.securitytracker.com/id?1026623
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
https://exchange.xforce.ibmcloud.com/vulnerabilities/72882
http://secunia.com/advisories/47814
http://www.bugzilla.org/security/3.4.13/
http://www.securitytracker.com/id?1026623
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
https://exchange.xforce.ibmcloud.com/vulnerabilities/72882