CVE-2009-1213

Bugzilla 3.2-3.2.2 and 3.3-3.3.3 - Cross-Site Request Forgery via Attachment Editing

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

References (10)

Core 10
Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0887
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49524
Patch, Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.2.2/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34545
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=476603
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34308
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34547
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34624

Scores

EPSS 0.0069
EPSS Percentile 48.5%

Details

CWE
CWE-352
Status published
Products (7)
mozilla/bugzilla 3.2 (3 CPE variants)
mozilla/bugzilla 3.2.1
mozilla/bugzilla 3.2.2
mozilla/bugzilla 3.3
mozilla/bugzilla 3.3.1
mozilla/bugzilla 3.3.2
mozilla/bugzilla 3.3.3
Published Apr 01, 2009
Tracked Since Feb 18, 2026