bugzilla: multiple vulnerabilities

Package(s): bugzilla
CVE #(s): CVE-2013-1734 CVE-2013-1742 CVE-2013-1743
Created: October 29, 2013
Updated: October 30, 2013
Description: From the Red Hat bugzilla:

Class:       Cross-Site Request Forgery
Versions:    2.16rc1 to 4.0.10, 4.1.1 to 4.2.6, 4.3.1 to 4.4
Fixed In:    4.0.11, 4.2.7, 4.4.1
Description: When an attachment is edited, a token is generated to
             validate changes made by the user. Using a crafted URL,
             an attacker could force the token to be recreated,
             allowing him to bypass the token check and abuse a user
             to commit changes on his behalf.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=913904
CVE Number:  CVE-2013-1734

Class:       Cross-Site Scripting
Versions:    2.17.1 to 4.0.10, 4.1.1 to 4.2.6, 4.3.1 to 4.4
Fixed In:    4.0.11, 4.2.7, 4.4.1
Description: Some parameters passed to editflagtypes.cgi were not
             correctly filtered in the HTML page, which could lead
             to XSS.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE Number:  CVE-2013-1742

Class:       Cross-Site Scripting
Versions:    4.1.1 to 4.2.6, 4.3.1 to 4.4
Fixed In:    4.2.7, 4.4.1
Description: Due to an incomplete fix for CVE-2012-4189, some
             incorrectly filtered field values in tabular reports
             could lead to XSS.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=924932
CVE Number:  CVE-2013-1743
Alerts:
Mageia MGASA-2014-0199 bugzilla 2014-05-02
Mandriva MDVSA-2013:285 bugzilla 2013-11-26
Fedora FEDORA-2013-19480 bugzilla 2013-10-29
Fedora FEDORA-2013-19458 bugzilla 2013-10-29

Copyright © 2017, Eklektix, Inc.