
CVE-2014-1546

Published: 14 August 2014

The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.

Notes

Author    Note
jdstrand  3.2 not-affected
Priority

Medium

Status

Package    Release   Status
bugzilla   (Launchpad, Ubuntu, Debian)
           lucid     Not vulnerable
           precise   Does not exist
           trusty    Does not exist
           upstream  Needs triage
           utopic    Does not exist