CVE-2011-3669

Bugzilla 2.x-4.x - Cross-Site Request Forgery via Attachment Upload

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47368
Exploit x_refsource_confirm
http://www.bugzilla.org/security/3.4.12/

Scores

EPSS 0.0095
EPSS Percentile 56.9%

Details

CWE
CWE-352
Status published
Products (45)
mozilla/bugzilla 2.0
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.9
mozilla/bugzilla 2.10
mozilla/bugzilla 2.12
mozilla/bugzilla 2.14
mozilla/bugzilla 2.14.1
... and 35 more
Published Jan 02, 2012
Tracked Since Feb 18, 2026