https://bugzilla.redhat.com/show_bug.cgi?id=1546886

Bug ID: 1546886
Summary: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to extract confidential information from a bug
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@xxxxxxxxxx
Reporter: lpardo@xxxxxxxxxx
CC: bazanluis20@xxxxxxxxx, emmanuel@xxxxxxxxx, itamar@xxxxxxxxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx

A flaw was found in Bugzilla 2.16rc1 to 4.4.12 and 4.5.1 to 5.0.3. A Cross-Site Request Forgery (CSRF) vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.

References:
https://packetstormsecurity.com/files/146473/bugzilla45-xsrf.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400

Patch:
https://bugzilla.mozilla.org/attachment.cgi?id=8950824&action=edit [4.4]
https://bugzilla.mozilla.org/attachment.cgi?id=8951341&action=edit [5.0]