CVE-2011-0046 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://osvdb.org/70705
http://osvdb.org/70706
http://osvdb.org/70707
http://osvdb.org/70708
http://osvdb.org/70709
http://osvdb.org/70710
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.debian.org/security/2011/dsa-2322
http://www.securityfocus.com/bid/45982
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
https://bugzilla.mozilla.org/show_bug.cgi?id=621090
https://bugzilla.mozilla.org/show_bug.cgi?id=621105
https://bugzilla.mozilla.org/show_bug.cgi?id=621107
https://bugzilla.mozilla.org/show_bug.cgi?id=621108
https://bugzilla.mozilla.org/show_bug.cgi?id=621109
https://bugzilla.mozilla.org/show_bug.cgi?id=621110
https://exchange.xforce.ibmcloud.com/vulnerabilities/65003
