Home > Vulnerability Database > CVE-2011-0046

Mend.io Vulnerability Database

CVE-2011-0046

Good to know:

Date: January 28, 2011

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Language: C

Severity Score

5.6

Related Resources (24)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/65003

Url: http://www.securityfocus.com/bid/45982

Url: http://www.vupen.com/english/advisories/2011/0271

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=621090

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=621110

Url: http://osvdb.org/70707

Url: http://osvdb.org/70708

Url: http://www.bugzilla.org/security/3.2.9/

Url: http://osvdb.org/70705

Url: http://secunia.com/advisories/43165

Url: http://secunia.com/advisories/43033

Url: http://www.debian.org/security/2011/dsa-2322

Url: http://osvdb.org/70706

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=621105

Url: http://osvdb.org/70709

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0046

Url: http://www.vupen.com/english/advisories/2011/0207

Url: http://osvdb.org/70710

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=621107

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=621109

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=621108

Url: https://www.mend.io/vulnerability-database/CVE-2011-0046

Severity Score

5.6

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version v4.1.1

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0046

Good to know:

Date: January 28, 2011

Language: C

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?