CVE-2009-0482: CSRF
First published: Mon Feb 09 2009(Updated: )
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =3.0.4 | |
| Mozilla Bugzilla | =2.16.8 | |
| Mozilla Bugzilla | =3.0.0 | |
| Mozilla Bugzilla | =2.16_rc2 | |
| Mozilla Bugzilla | =3.0.1 | |
| Mozilla Bugzilla | =2.18.8 | |
| Mozilla Bugzilla | =2.17.6 | |
| Mozilla Bugzilla | =2.18.5 | |
| Mozilla Bugzilla | =2.19.3 | |
| Mozilla Bugzilla | =2.20-rc2 | |
| Mozilla Bugzilla | =2.18.6 | |
| Mozilla Bugzilla | =2.17.2 | |
| Mozilla Bugzilla | =2.20-rc1 | |
| Mozilla Bugzilla | =2.16.1 | |
| Mozilla Bugzilla | =2.20 | |
| Mozilla Bugzilla | =2.19 | |
| Mozilla Bugzilla | =2.18-rc1 | |
| Mozilla Bugzilla | =2.16.2 | |
| Mozilla Bugzilla | =2.16.11 | |
| Mozilla Bugzilla | =2.20.5 | |
| Mozilla Bugzilla | =2.20.6 | |
| Mozilla Bugzilla | =2.22.3 | |
| Mozilla Bugzilla | =2.22.6 | |
| Mozilla Bugzilla | =2.17.4 | |
| Mozilla Bugzilla | =2.16-rc1 | |
| Mozilla Bugzilla | =2.21.2 | |
| Mozilla Bugzilla | =2.10 | |
| Mozilla Bugzilla | =2.17.1 | |
| Mozilla Bugzilla | =2.16 | |
| Mozilla Bugzilla | =2.22.1 | |
| Mozilla Bugzilla | =2.16.9 | |
| Mozilla Bugzilla | =3.0.6 | |
| Mozilla Bugzilla | =2.20.1 | |
| Mozilla Bugzilla | =2.14.2 | |
| Mozilla Bugzilla | =2.18.7 | |
| Mozilla Bugzilla | =2.22.2 | |
| Mozilla Bugzilla | =2.18.1 | |
| Mozilla Bugzilla | =2.22-rc1 | |
| Mozilla Bugzilla | =2.14.3 | |
| Mozilla Bugzilla | =2.22.5 | |
| Mozilla Bugzilla | =2.14.4 | |
| Mozilla Bugzilla | =2.19.1 | |
| Mozilla Bugzilla | =2.16.7 | |
| Mozilla Bugzilla | =2.17.5 | |
| Mozilla Bugzilla | =2.22 | |
| Mozilla Bugzilla | =2.17.3 | |
| Mozilla Bugzilla | =2.16.4 | |
| Mozilla Bugzilla | =2.12 | |
| Mozilla Bugzilla | =3.0.3 | |
| Mozilla Bugzilla | =3.2 | |
| Mozilla Bugzilla | =2.20.3 | |
| Mozilla Bugzilla | =3.0.2 | |
| Mozilla Bugzilla | =2.18.4 | |
| Mozilla Bugzilla | =2.16.3 | |
| Mozilla Bugzilla | =2.14.5 | |
| Mozilla Bugzilla | =2.18.9 | |
| Mozilla Bugzilla | =2.18 | |
| Mozilla Bugzilla | =2.18.3 | |
| Mozilla Bugzilla | =2.17.7 | |
| Mozilla Bugzilla | =2.20.2 | |
| Mozilla Bugzilla | =2.20.4 | |
| Mozilla Bugzilla | =2.21.1 | |
| Mozilla Bugzilla | =2.18-rc3 | |
| Mozilla Bugzilla | =2.17 | |
| Mozilla Bugzilla | =2.16.6 | |
| Mozilla Bugzilla | =2.18.2 | |
| Mozilla Bugzilla | =2.18-rc2 | |
| Mozilla Bugzilla | =3.0.5 | |
| Mozilla Bugzilla | =2.14.1 | |
| Mozilla Bugzilla | =2.22.4 | |
| Mozilla Bugzilla | =2.21 | |
| Mozilla Bugzilla | =2.16.5 | |
| Mozilla Bugzilla | =3.3.1 | |
| Mozilla Bugzilla | =2.14 | |
| Mozilla Bugzilla | =2.19.2 | |
| Mozilla Bugzilla | =2.16.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-0482?
CVE-2009-0482 has been classified as a moderate severity vulnerability.
How do I fix CVE-2009-0482?
To fix CVE-2009-0482, upgrade Bugzilla to version 3.2.1 or later.
What type of vulnerability is CVE-2009-0482?
CVE-2009-0482 is a Cross-site request forgery (CSRF) vulnerability.
Which versions of Bugzilla are affected by CVE-2009-0482?
Versions of Bugzilla prior to 3.2.1 and 3.3.2 are affected by CVE-2009-0482.
What can attackers achieve with CVE-2009-0482?
Attackers can perform bug updating activities as other users through a crafted link or IMG tag.
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/3.0.4
- version/mozilla bugzilla/2.16.8
- version/mozilla bugzilla/3.0.0
- version/mozilla bugzilla/2.16_rc2
- version/mozilla bugzilla/3.0.1
- version/mozilla bugzilla/2.18.8
- version/mozilla bugzilla/2.17.6
- version/mozilla bugzilla/2.18.5
- version/mozilla bugzilla/2.19.3
- version/mozilla bugzilla/2.20-rc2
- version/mozilla bugzilla/2.18.6
- version/mozilla bugzilla/2.17.2
- version/mozilla bugzilla/2.20-rc1
- version/mozilla bugzilla/2.16.1
- version/mozilla bugzilla/2.20
- version/mozilla bugzilla/2.19
- version/mozilla bugzilla/2.18-rc1
- version/mozilla bugzilla/2.16.2
- version/mozilla bugzilla/2.16.11
- version/mozilla bugzilla/2.20.5
- version/mozilla bugzilla/2.20.6
- version/mozilla bugzilla/2.22.3
- version/mozilla bugzilla/2.22.6
- version/mozilla bugzilla/2.17.4
- version/mozilla bugzilla/2.16-rc1
- version/mozilla bugzilla/2.21.2
- version/mozilla bugzilla/2.10
- version/mozilla bugzilla/2.17.1
- version/mozilla bugzilla/2.16
- version/mozilla bugzilla/2.22.1
- version/mozilla bugzilla/2.16.9
- version/mozilla bugzilla/3.0.6
- version/mozilla bugzilla/2.20.1
- version/mozilla bugzilla/2.14.2
- version/mozilla bugzilla/2.18.7
- version/mozilla bugzilla/2.22.2
- version/mozilla bugzilla/2.18.1
- version/mozilla bugzilla/2.22-rc1
- version/mozilla bugzilla/2.14.3
- version/mozilla bugzilla/2.22.5
- version/mozilla bugzilla/2.14.4
- version/mozilla bugzilla/2.19.1
- version/mozilla bugzilla/2.16.7
- version/mozilla bugzilla/2.17.5
- version/mozilla bugzilla/2.22
- version/mozilla bugzilla/2.17.3
- version/mozilla bugzilla/2.16.4
- version/mozilla bugzilla/2.12
- version/mozilla bugzilla/3.0.3
- version/mozilla bugzilla/3.2
- version/mozilla bugzilla/2.20.3
- version/mozilla bugzilla/3.0.2
- version/mozilla bugzilla/2.18.4
- version/mozilla bugzilla/2.16.3
- version/mozilla bugzilla/2.14.5
- version/mozilla bugzilla/2.18.9
- version/mozilla bugzilla/2.18
- version/mozilla bugzilla/2.18.3
- version/mozilla bugzilla/2.17.7
- version/mozilla bugzilla/2.20.2
- version/mozilla bugzilla/2.20.4
- version/mozilla bugzilla/2.21.1
- version/mozilla bugzilla/2.18-rc3
- version/mozilla bugzilla/2.17
- version/mozilla bugzilla/2.16.6
- version/mozilla bugzilla/2.18.2
- version/mozilla bugzilla/2.18-rc2
- version/mozilla bugzilla/3.0.5
- version/mozilla bugzilla/2.14.1
- version/mozilla bugzilla/2.22.4
- version/mozilla bugzilla/2.21
- version/mozilla bugzilla/2.16.5
- version/mozilla bugzilla/3.3.1
- version/mozilla bugzilla/2.14
- version/mozilla bugzilla/2.19.2
- version/mozilla bugzilla/2.16.10