Bug 1269236: Incorrect checking of API tokens possibly leads to CSRF and data disclosure vulnerability for insecure accounts
Status: Closed (RESOLVED FIXED)
Opened 8 years ago, closed 8 years ago
Categories: bugzilla.mozilla.org :: API, defect
People: Reporter: dylan, Assigned: dylan
Attachments (1 file): 1.50 KB, patch, dkl: review+
+++ This bug was initially created as a clone of Bug #1268989 +++
As part of best practice, there needs to be a bmo bug for security issues in upstream that impact bmo.
Comment 1 (Assignee) • 8 years ago
Attachment #8747566 - Flags: review?(dkl)
Updated (Assignee) • 8 years ago
Summary: Inefficient check of "Bugzilla_api_token" might lead to CSRF/data disclosure vulnerability in Bugzilla's REST API → Backport security fix from bug 1268989 to BMO
Updated (Assignee) • 8 years ago
Status: NEW → ASSIGNED
Comment 2 • 8 years ago
Comment on attachment 8747566: 1269236_1.patch
Review of attachment 8747566:
r=dkl
Attachment #8747566 - Flags: review?(dkl) → review+
Updated (Assignee) • 8 years ago
Summary: Backport security fix from bug 1268989 to BMO → Incorrect checking of API tokens possibly leads to CSRF and data disclosure vulnerability for insecure accounts
Comment 3 (Assignee) • 8 years ago
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git fb321b5..3484d75 master -> master
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated (Assignee) • 8 years ago
Group: bugzilla-security