CVE-2009-1213

Name: CVE-2009-1213
Description: Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 514143

The information below is based on the following data on fixed versions.

Package   Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
bugzilla  source  (unstable)  3.2.4.0-1      low              514143

Notes

[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
Should this really be considered minor? See Fedora bug and FSA:
- https://bugzilla.redhat.com/show_bug.cgi?id=494398
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html
