CVE-2012-0440

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.
CSRF
Severity: UNKNOWN
CVSS vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Atk. Vector: NETWORK
Atk. Complexity: HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Vulnerable software versions

Vendor   Product   Version
mozilla  bugzilla  3.6
mozilla  bugzilla  3.6
mozilla  bugzilla  3.6.0
mozilla  bugzilla  3.6.1
mozilla  bugzilla  3.6.2
mozilla  bugzilla  3.6.3
mozilla  bugzilla  3.6.4
mozilla  bugzilla  3.6.5
mozilla  bugzilla  3.6.6
mozilla  bugzilla  3.6.7
mozilla  bugzilla  3.7
mozilla  bugzilla  3.7.1
mozilla  bugzilla  3.7.2
mozilla  bugzilla  3.7.3
mozilla  bugzilla  4.0
mozilla  bugzilla  4.0
mozilla  bugzilla  4.0
mozilla  bugzilla  4.0.1
mozilla  bugzilla  4.0.2
mozilla  bugzilla  4.0.3
mozilla  bugzilla  3.5
mozilla  bugzilla  3.5.1
mozilla  bugzilla  3.5.2
mozilla  bugzilla  3.5.3
mozilla  bugzilla  4.1
mozilla  bugzilla  4.1.1
mozilla  bugzilla  4.1.2
mozilla  bugzilla  4.1.3
mozilla  bugzilla  4.2

Ubuntu Releases

Codename  bugzilla
raring    dne
quantal   dne
precise   dne
oneiric   ignored
natty     ignored
maverick  ignored
lucid     not-affected
hardy     ignored