Bugzilla 3.7.x < 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 Cross-Site Request Forgery
Severity: Medium | Nessus Network Monitor Plugin ID 8579

Synopsis
The remote host is running a version of Bugzilla affected by a cross-site request forgery (CSRF) vulnerability.

Description
The remote web server is hosting Bugzilla, a web-based bug tracking application. Versions of Bugzilla 3.7.x / 4.x prior to 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 are potentially exposed to a flaw because data supplied through callback APIs is not properly sanitized before being reflected by the JSONP endpoint 'jsonrpc.cgi'. Using a specially crafted OBJECT element whose SWF content satisfies the character set requirements of a callback API, a context-dependent attacker can perform a cross-site request forgery (CSRF) attack that causes the victim to disclose sensitive bug information.

Solution
The fixes for these issues are included in the 4.0.14, 4.2.10, 4.4.5, and 4.5.5 releases.