A flaw was found in Bugzilla 2.16rc1 to 4.4.12 and 4.5.1 to 5.0.3. A Cross-Site Request Forgery (CSRF) vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.

References:
https://packetstormsecurity.com/files/146473/bugzilla45-xsrf.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400

Patch:
https://bugzilla.mozilla.org/attachment.cgi?id=8950824&action=edit [4.4]
https://bugzilla.mozilla.org/attachment.cgi?id=8951341&action=edit [5.0]

Created bugzilla tracking bugs for this issue:

Affects: epel-6 [bug 1546887]