CVE-2014-1517
Bugzilla 2.x-4.4.2 and 4.5.x < 4.5.3 - Authenticated Login CSRF
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.
References (6)
Patch (x_refsource_confirm): https://bugzilla.mozilla.org/show_bug.cgi?id=713926
Vendor Advisory (x_refsource_confirm): http://www.bugzilla.org/security/4.0.11/
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132281.html
Issue Tracking (x_refsource_confirm): http://git.mozilla.org/?p=bugzilla/bugzilla.git%3Ba=commit%3Bh=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132309.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1030128
Scores
EPSS: 0.0039
EPSS Percentile: 60.6%
Details
CWE: CWE-287
Status: published
Products (45)
fedoraproject/fedora 19
fedoraproject/fedora 20
mozilla/bugzilla 2.0
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.9
mozilla/bugzilla 2.10
mozilla/bugzilla 2.12
... and 35 more
Published: Apr 20, 2014
Tracked Since: Feb 18, 2026