[Bug 1546886] New: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to extract confidential information from a bug

bugzilla Mon, 19 Feb 2018 14:10:04 -0800

https://bugzilla.redhat.com/show_bug.cgi?id=1546886


            Bug ID: 1546886
           Summary: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to
                    extract confidential information from a bug
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: lpa...@redhat.com
                CC: bazanlui...@gmail.com, emman...@seyman.fr,
                    ita...@ispbrasil.com.br,
                    perl-devel@lists.fedoraproject.org



A flaw was found in Bugzilla Bugzilla 2.16rc1 to 4.4.12, 4.5.1 to 5.0.3. A
Cross-Site Request Forgery (CSRF) vulnerability in report.cgi would allow a
third-party site to extract confidential information from a bug the victim had
access to.


References:
https://packetstormsecurity.com/files/146473/bugzilla45-xsrf.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400

Patch:
https://bugzilla.mozilla.org/attachment.cgi?id=8950824&action=edit [4.4]
https://bugzilla.mozilla.org/attachment.cgi?id=8951341&action=edit [5.0]

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1546886] New: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to extract confidential information from a bug

Reply via email to