CVE-2011-3669

NameCVE-2011-3669
DescriptionCross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasource(unstable)(unfixed)low

Notes

[squeeze] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems