CVE-2006-5455 - Vulnerability Details - OpenCVE

Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Bugzilla

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:bugzilla::::::::
	cpe:2.3:a:mozilla:bugzilla:2.23:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.23.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/22409
http://secunia.com/advisories/22790
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://securityreason.com/securityalert/1760
http://www.bugzilla.org/security/2.18.5/
http://www.osvdb.org/29548
http://www.securityfocus.com/archive/1/448777/100/100/threaded
http://www.securityfocus.com/bid/20538
http://www.vupen.com/english/advisories/2006/4035
https://bugzilla.mozilla.org/show_bug.cgi?id=281181
https://exchange.xforce.ibmcloud.com/vulnerabilities/29618

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-23T17:00:00

Updated: 2024-08-07T19:48:30.266Z

Reserved: 2006-10-23T00:00:00

Link: CVE-2006-5455

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-10-23T17:07:00.000

Modified: 2024-11-21T00:19:18.687

Link: CVE-2006-5455

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22409", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22409"}, {"name": "1760", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1760"}, {"name": "bugzilla-url-modify-configuration(29618)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29618"}, {"name": "ADV-2006-4035", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4035"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=281181"}, {"name": "20538", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20538"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.bugzilla.org/security/2.18.5/"}, {"name": "22790", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22790"}, {"name": "GLSA-200611-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"}, {"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"}, {"name": "29548", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29548"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5455", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22409", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22409"}, {"name": "1760", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1760"}, {"name": "bugzilla-url-modify-configuration(29618)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29618"}, {"name": "ADV-2006-4035", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4035"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=281181", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=281181"}, {"name": "20538", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20538"}, {"name": "http://www.bugzilla.org/security/2.18.5/", "refsource": "CONFIRM", "url": "http://www.bugzilla.org/security/2.18.5/"}, {"name": "22790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22790"}, {"name": "GLSA-200611-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"}, {"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"}, {"name": "29548", "refsource": "OSVDB", "url": "http://www.osvdb.org/29548"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:48:30.266Z"}, "title": "CVE Program Container", "references": [{"name": "22409", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22409"}, {"name": "1760", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1760"}, {"name": "bugzilla-url-modify-configuration(29618)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29618"}, {"name": "ADV-2006-4035", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4035"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=281181"}, {"name": "20538", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20538"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.bugzilla.org/security/2.18.5/"}, {"name": "22790", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22790"}, {"name": "GLSA-200611-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"}, {"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"}, {"name": "29548", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29548"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5455", "datePublished": "2006-10-23T17:00:00", "dateReserved": "2006-10-23T00:00:00", "dateUpdated": "2024-08-07T19:48:30.266Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACEA1C05-D6EA-4C54-A9F3-9896121D00FE", "versionEndIncluding": "2.22.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "02846865-D124-4C72-85C8-59A7C6F43E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B59422-ED6E-4F82-8D0C-091058D1C438", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "F658844A-6253-4A18-8A5D-1E818BE7A367", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en editversions.cgi en Bugzilla anterior a 2.22.1 y 2.23.x anteriores a 2.23.3 permite a atacantes remotos con intervenci\u00f3n del usuario crear, modificar o borrar informes de \"bugs\" de su elecci\u00f3n mediante una URL creada artesanalmente."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMozilla, Bugzilla, 2.22.1\r\nMozilla, Bugzilla, 2.23.3", "id": "CVE-2006-5455", "lastModified": "2024-11-21T00:19:18.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-23T17:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22409"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22790"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1760"}, {"source": "cve@mitre.org", "url": "http://www.bugzilla.org/security/2.18.5/"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29548"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20538"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4035"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=281181"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29618"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22790"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1760"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.bugzilla.org/security/2.18.5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=281181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29618"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}