Candidate: CVE-2014-1517
PublicDate: 2014-04-19
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1517
https://bugzilla.mozilla.org/show_bug.cgi?id=713926
http://www.bugzilla.org/security/4.0.11/
http://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commit;h=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3
Description:
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before
4.5.3 does not properly handle a correctly authenticated but unintended
login attempt, which makes it easier for remote authenticated users to
obtain sensitive information by arranging for a victim to login to the
attacker's account and then submit a vulnerability report, related to a
"login CSRF" issue.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_bugzilla:
upstream_bugzilla: released (4.4.3, 4.5.3)
lucid_bugzilla: ignored (reached end-of-life)
precise_bugzilla: DNE
quantal_bugzilla: DNE
saucy_bugzilla: DNE
trusty_bugzilla: DNE
devel_bugzilla: DNE