CVE-2011-0046

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Category

6.8
CVSS
Severity: Medium
CVSS 2.0 •
EPSS 0.43%
Vendor Advisory fedoraproject.org Vendor Advisory fedoraproject.org Vendor Advisory debian.org Vendor Advisory secunia.com Vendor Advisory bugzilla.org Vendor Advisory vupen.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=621105 patch
http://osvdb.org/70710 vdb entry
http://www.securityfocus.com/bid/45982 vdb entry
https://bugzilla.mozilla.org/show_bug.cgi?id=621090 patch
http://secunia.com/advisories/43165 third party advisory
http://osvdb.org/70709 vdb entry
http://www.bugzilla.org/security/3.2.9/ vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html vendor advisory
http://osvdb.org/70708 vdb entry
http://www.vupen.com/english/advisories/2011/0271 vdb entry
https://bugzilla.mozilla.org/show_bug.cgi?id=621109 patch
http://secunia.com/advisories/43033 third party advisory vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=621107 patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65003 vdb entry
http://www.vupen.com/english/advisories/2011/0207 vdb entry vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=621110 patch
http://osvdb.org/70707 vdb entry
http://www.debian.org/security/2011/dsa-2322 vendor advisory
http://osvdb.org/70706 vdb entry
https://bugzilla.mozilla.org/show_bug.cgi?id=621108 patch
http://osvdb.org/70705 vdb entry

Frequently Asked Questions

What is the severity of CVE-2011-0046?
CVE-2011-0046 has been scored as a medium severity vulnerability.
How to fix CVE-2011-0046?
To fix CVE-2011-0046, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2011-0046 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2011-0046 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.