Vulnerability Description
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.0 |
| Fedoraproject | Fedora | 19 |
Related Weaknesses (CWE)
References
- http://git.mozilla.org/?p=bugzilla/bugzilla.git%3Ba=commit%3Bh=0e390970ba51b14a5
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132281.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132309.html
- http://www.bugzilla.org/security/4.0.11/Vendor Advisory
- http://www.securitytracker.com/id/1030128
- https://bugzilla.mozilla.org/show_bug.cgi?id=713926Patch
- http://git.mozilla.org/?p=bugzilla/bugzilla.git%3Ba=commit%3Bh=0e390970ba51b14a5
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132281.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/132309.html
- http://www.bugzilla.org/security/4.0.11/Vendor Advisory
- http://www.securitytracker.com/id/1030128
- https://bugzilla.mozilla.org/show_bug.cgi?id=713926Patch
FAQ
What is CVE-2014-1517?
CVE-2014-1517 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenti...
How severe is CVE-2014-1517?
CVE-2014-1517 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1517?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla, Fedoraproject Fedora.