Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-01-28T15:00:00
Updated: 2024-08-06T21:43:13.949Z
Reserved: 2010-12-21T00:00:00
Link: CVE-2011-0046
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-01-28T16:00:02.987
Modified: 2017-08-17T01:33:23.807
Link: CVE-2011-0046
Redhat
No data.