4
CVE-2014-1517
- EPSS 1.31%
- Veröffentlicht 20.04.2014 01:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version19
Fedoraproject ≫ Fedora Version20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.67 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://git.mozilla.org/?p=bugzilla/bugzilla.git%3Ba=commit%3Bh=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132281.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132309.html
http://www.bugzilla.org/security/4.0.11/
http://www.securitytracker.com/id/1030128
https://bugzilla.mozilla.org/show_bug.cgi?id=713926