Bugzilla 2.0 < 4.4.3 / 4.5.3 Login Form XSRF
Medium Nessus Plugin ID 74107
Synopsis
The remote web server contains a web application that suffers from a cross-site request forgery vulnerability.
Description
According to its banner, the version of Bugzilla installed on the remote host is after version 2.0 but prior to 4.4.3 / 4.5.3. It is, therefore, affected by a cross-site request forgery vulnerability.
The vulnerability exists in the login form and could allow a remote attacker to cause a user to log in using the attacker's credentials, alerting the attacker to any bugs the user submits.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Bugzilla 4.4.3 / 4.5.3 or later.