Lucene search
HistoryOct 24, 2013 - 10:53 a.m.
CVE-2013-1734
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
50.1%
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action.
Affected configurations
Node
mozillabugzillaMatch2.0
ORmozillabugzillaMatch2.2
ORmozillabugzillaMatch2.4
ORmozillabugzillaMatch2.6
ORmozillabugzillaMatch2.8
ORmozillabugzillaMatch2.9
ORmozillabugzillaMatch2.10
ORmozillabugzillaMatch2.12
ORmozillabugzillaMatch2.14
ORmozillabugzillaMatch2.14.1
ORmozillabugzillaMatch2.14.2
ORmozillabugzillaMatch2.14.3
ORmozillabugzillaMatch2.14.4
ORmozillabugzillaMatch2.14.5
ORmozillabugzillaMatch2.16
ORmozillabugzillaMatch2.16rc1
ORmozillabugzillaMatch2.16rc2
ORmozillabugzillaMatch2.16.1
ORmozillabugzillaMatch2.16.2
ORmozillabugzillaMatch2.16.3
ORmozillabugzillaMatch2.16.4
ORmozillabugzillaMatch2.16.5
ORmozillabugzillaMatch2.16.6
ORmozillabugzillaMatch2.16.7
ORmozillabugzillaMatch2.16.8
ORmozillabugzillaMatch2.16.9
ORmozillabugzillaMatch2.16.10
ORmozillabugzillaMatch2.16.11
ORmozillabugzillaMatch2.17
ORmozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.2
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
ORmozillabugzillaMatch2.17.5
ORmozillabugzillaMatch2.17.6
ORmozillabugzillaMatch2.17.7
ORmozillabugzillaMatch2.18
ORmozillabugzillaMatch2.18rc1
ORmozillabugzillaMatch2.18rc2
ORmozillabugzillaMatch2.18rc3
ORmozillabugzillaMatch2.18.1
ORmozillabugzillaMatch2.18.2
ORmozillabugzillaMatch2.18.3
ORmozillabugzillaMatch2.18.4
ORmozillabugzillaMatch2.18.5
ORmozillabugzillaMatch2.18.6
ORmozillabugzillaMatch2.18.6\+
ORmozillabugzillaMatch2.18.7
ORmozillabugzillaMatch2.18.8
ORmozillabugzillaMatch2.18.9
ORmozillabugzillaMatch2.19
ORmozillabugzillaMatch2.19.1
ORmozillabugzillaMatch2.19.2
ORmozillabugzillaMatch2.19.3
ORmozillabugzillaMatch2.20
ORmozillabugzillaMatch2.20rc1
ORmozillabugzillaMatch2.20rc2
ORmozillabugzillaMatch2.20.1
ORmozillabugzillaMatch2.20.2
ORmozillabugzillaMatch2.20.3
ORmozillabugzillaMatch2.20.4
ORmozillabugzillaMatch2.20.5
ORmozillabugzillaMatch2.20.6
ORmozillabugzillaMatch2.20.7
ORmozillabugzillaMatch2.21
ORmozillabugzillaMatch2.21.1
ORmozillabugzillaMatch2.21.2
ORmozillabugzillaMatch2.21.2rc1
ORmozillabugzillaMatch2.22
ORmozillabugzillaMatch2.22rc1
ORmozillabugzillaMatch2.22.1
ORmozillabugzillaMatch2.22.2
ORmozillabugzillaMatch2.22.3
ORmozillabugzillaMatch2.22.4
ORmozillabugzillaMatch2.22.5
ORmozillabugzillaMatch2.22.6
ORmozillabugzillaMatch2.22.7
ORmozillabugzillaMatch2.23
ORmozillabugzillaMatch2.23.1
ORmozillabugzillaMatch2.23.2
ORmozillabugzillaMatch2.23.3
ORmozillabugzillaMatch2.23.4
Node
mozillabugzillaMatch3.0
ORmozillabugzillaMatch3.0rc1
ORmozillabugzillaMatch3.0.0
ORmozillabugzillaMatch3.0.1
ORmozillabugzillaMatch3.0.2
ORmozillabugzillaMatch3.0.3
ORmozillabugzillaMatch3.0.4
ORmozillabugzillaMatch3.0.5
ORmozillabugzillaMatch3.0.6
ORmozillabugzillaMatch3.0.7
ORmozillabugzillaMatch3.0.8
ORmozillabugzillaMatch3.0.9
ORmozillabugzillaMatch3.0.10
ORmozillabugzillaMatch3.0.11
ORmozillabugzillaMatch3.1.0
ORmozillabugzillaMatch3.1.1
ORmozillabugzillaMatch3.1.2
ORmozillabugzillaMatch3.1.3
ORmozillabugzillaMatch3.1.4
ORmozillabugzillaMatch3.2
ORmozillabugzillaMatch3.2rc1
ORmozillabugzillaMatch3.2rc2
ORmozillabugzillaMatch3.2.1
ORmozillabugzillaMatch3.2.2
ORmozillabugzillaMatch3.2.3
ORmozillabugzillaMatch3.2.4
ORmozillabugzillaMatch3.2.5
ORmozillabugzillaMatch3.2.6
ORmozillabugzillaMatch3.2.7
ORmozillabugzillaMatch3.2.8
ORmozillabugzillaMatch3.2.9
ORmozillabugzillaMatch3.2.10
ORmozillabugzillaMatch3.3
ORmozillabugzillaMatch3.3.1
ORmozillabugzillaMatch3.3.2
ORmozillabugzillaMatch3.3.3
ORmozillabugzillaMatch3.3.4
ORmozillabugzillaMatch3.4
ORmozillabugzillaMatch3.4rc1
ORmozillabugzillaMatch3.4.1
ORmozillabugzillaMatch3.4.2
ORmozillabugzillaMatch3.4.3
ORmozillabugzillaMatch3.4.4
ORmozillabugzillaMatch3.4.5
ORmozillabugzillaMatch3.4.6
ORmozillabugzillaMatch3.4.7
ORmozillabugzillaMatch3.4.8
ORmozillabugzillaMatch3.4.9
ORmozillabugzillaMatch3.4.10
ORmozillabugzillaMatch3.4.11
ORmozillabugzillaMatch3.4.12
ORmozillabugzillaMatch3.4.13
ORmozillabugzillaMatch3.5
ORmozillabugzillaMatch3.5.1
ORmozillabugzillaMatch3.5.2
ORmozillabugzillaMatch3.5.3
ORmozillabugzillaMatch3.6
ORmozillabugzillaMatch3.6rc1
ORmozillabugzillaMatch3.6.0
ORmozillabugzillaMatch3.6.1
ORmozillabugzillaMatch3.6.2
ORmozillabugzillaMatch3.6.3
ORmozillabugzillaMatch3.6.4
ORmozillabugzillaMatch3.6.5
ORmozillabugzillaMatch3.6.6
ORmozillabugzillaMatch3.6.7
ORmozillabugzillaMatch3.6.8
ORmozillabugzillaMatch3.6.9
ORmozillabugzillaMatch3.6.10
ORmozillabugzillaMatch3.6.11
ORmozillabugzillaMatch3.6.12
ORmozillabugzillaMatch3.6.13
ORmozillabugzillaMatch3.7
ORmozillabugzillaMatch3.7.1
ORmozillabugzillaMatch3.7.2
ORmozillabugzillaMatch3.7.3
Node
mozillabugzillaMatch4.0
ORmozillabugzillaMatch4.0rc1
ORmozillabugzillaMatch4.0rc2
ORmozillabugzillaMatch4.0.1
ORmozillabugzillaMatch4.0.2
ORmozillabugzillaMatch4.0.3
ORmozillabugzillaMatch4.0.4
ORmozillabugzillaMatch4.0.5
ORmozillabugzillaMatch4.0.6
ORmozillabugzillaMatch4.0.7
ORmozillabugzillaMatch4.0.8
ORmozillabugzillaMatch4.0.9
ORmozillabugzillaMatch4.0.10
Node
mozillabugzillaMatch4.3
ORmozillabugzillaMatch4.3.1
ORmozillabugzillaMatch4.3.2
ORmozillabugzillaMatch4.3.3
Node
mozillabugzillaMatch4.1
ORmozillabugzillaMatch4.1.1
ORmozillabugzillaMatch4.1.2
ORmozillabugzillaMatch4.1.3
Node
mozillabugzillaMatch4.2
ORmozillabugzillaMatch4.2rc1
ORmozillabugzillaMatch4.2rc2
ORmozillabugzillaMatch4.2.1
ORmozillabugzillaMatch4.2.2
ORmozillabugzillaMatch4.2.3
ORmozillabugzillaMatch4.2.4
ORmozillabugzillaMatch4.2.5
Node
mozillabugzillaMatch4.4
ORmozillabugzillaMatch4.4rc1
ORmozillabugzillaMatch4.4rc2
Related
prion
prion
Cross site request forgery (csrf)
2013-10-24 10:53:00
cve
cve
CVE-2013-1734
2022-10-03 16:14:47
cvelist
cvelist
CVE-2013-1734
2022-10-03 16:14:47
ubuntucve
ubuntucve
CVE-2013-1734
2013-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: bugzilla-4.2.7-1.fc20
2013-11-10 07:27:24
[SECURITY] Fedora 19 Update: bugzilla-4.2.7-1.fc19
2013-10-29 03:47:45
[SECURITY] Fedora 18 Update: bugzilla-4.2.7-1.fc18
2013-10-29 03:46:48
nessus
nessus
Bugzilla < 4.0.11 / 4.2.7 / 4.4.1 Multiple Vulnerabilities
2013-10-31 00:00:00
Fedora 18 : bugzilla-4.2.7-1.fc18 (2013-19458)
2013-10-29 00:00:00
Fedora 20 : bugzilla-4.2.7-1.fc20 (2013-19402)
2013-11-11 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2013-19480
2013-10-29 00:00:00
Fedora Update for bugzilla FEDORA-2013-19480
2013-10-29 00:00:00
Fedora Update for bugzilla FEDORA-2013-19458
2013-10-29 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2013-10-16 00:00:00
securityvulns
securityvulns
Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
2013-10-27 00:00:00
[ MDVSA-2013:285 ] bugzilla
2013-12-09 00:00:00
mageia
mageia
Updated bugzilla package fixes multiple vulnerabilities
2014-05-02 21:50:55
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
50.1%
Related for NVD:CVE-2013-1734