Unrated severityNVD Advisory· Published Apr 1, 2009· Updated Apr 23, 2026
CVE-2009-1213
CVE-2009-1213
Description
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.
Affected products
9cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.3.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.bugzilla.org/security/3.2.2/nvdPatchVendor Advisory
- www.vupen.com/english/advisories/2009/0887nvdPatchVendor Advisory
- secunia.com/advisories/34545nvdVendor Advisory
- secunia.com/advisories/34547nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdVendor Advisory
- secunia.com/advisories/34624nvd
- www.securityfocus.com/bid/34308nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/49524nvd
- www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.htmlnvd
News mentions
0No linked articles in our index yet.