6.8
CVE-2013-1733
- EPSS 0.58%
- Veröffentlicht 24.10.2013 10:53:07
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.43 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www.bugzilla.org/security/4.0.10/
https://bugzilla.mozilla.org/show_bug.cgi?id=911593