https://bugzilla.redhat.com/show_bug.cgi?id=1546886
Bug ID: 1546886
Summary: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to extract confidential information from a bug
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: lpardo@redhat.com
CC: bazanluis20@gmail.com, emmanuel@seyman.fr, itamar@ispbrasil.com.br, perl-devel@lists.fedoraproject.org
A flaw was found in Bugzilla 2.16rc1 to 4.4.12 and 4.5.1 to 5.0.3. A Cross-Site Request Forgery (CSRF) vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.
References:
https://packetstormsecurity.com/files/146473/bugzilla45-xsrf.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400

Patch:
https://bugzilla.mozilla.org/attachment.cgi?id=8950824&action=edit [4.4]
https://bugzilla.mozilla.org/attachment.cgi?id=8951341&action=edit [5.0]
Laura Pardo lpardo@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1546887
--- Comment #1 from Laura Pardo lpardo@redhat.com ---
Created bugzilla tracking bugs for this issue:
Affects: epel-6 [bug 1546887]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1546887 [Bug 1546887] CVE-2018-5123 bugzilla: CSRF in report.cgi allows to extract confidential information from a bug [epel-6]
Bug 1546886 depends on bug 1546887, which changed state.
Bug 1546887 Summary: CVE-2018-5123 bugzilla: CSRF in report.cgi allows to extract confidential information from a bug [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1546887
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |WONTFIX