CVE-2010-4568

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

Affected Software

Name	Vendor	Start Version	End Version
Bugzilla	Mozilla	2.14 (including)	2.14 (including)
Bugzilla	Mozilla	2.14.1 (including)	2.14.1 (including)
Bugzilla	Mozilla	2.14.2 (including)	2.14.2 (including)
Bugzilla	Mozilla	2.14.3 (including)	2.14.3 (including)
Bugzilla	Mozilla	2.14.4 (including)	2.14.4 (including)
Bugzilla	Mozilla	2.14.5 (including)	2.14.5 (including)
Bugzilla	Mozilla	2.16 (including)	2.16 (including)
Bugzilla	Mozilla	2.16-rc1 (including)	2.16-rc1 (including)
Bugzilla	Mozilla	2.16-rc2 (including)	2.16-rc2 (including)
Bugzilla	Mozilla	2.16.1 (including)	2.16.1 (including)
Bugzilla	Mozilla	2.16.2 (including)	2.16.2 (including)
Bugzilla	Mozilla	2.16.3 (including)	2.16.3 (including)
Bugzilla	Mozilla	2.16.4 (including)	2.16.4 (including)
Bugzilla	Mozilla	2.16.5 (including)	2.16.5 (including)
Bugzilla	Mozilla	2.16.6 (including)	2.16.6 (including)
Bugzilla	Mozilla	2.16.7 (including)	2.16.7 (including)
Bugzilla	Mozilla	2.16.8 (including)	2.16.8 (including)
Bugzilla	Mozilla	2.16.9 (including)	2.16.9 (including)
Bugzilla	Mozilla	2.16.10 (including)	2.16.10 (including)
Bugzilla	Mozilla	2.16.11 (including)	2.16.11 (including)
Bugzilla	Mozilla	2.17 (including)	2.17 (including)
Bugzilla	Mozilla	2.17.1 (including)	2.17.1 (including)
Bugzilla	Mozilla	2.17.3 (including)	2.17.3 (including)
Bugzilla	Mozilla	2.17.4 (including)	2.17.4 (including)
Bugzilla	Mozilla	2.17.5 (including)	2.17.5 (including)
Bugzilla	Mozilla	2.17.6 (including)	2.17.6 (including)
Bugzilla	Mozilla	2.17.7 (including)	2.17.7 (including)
Bugzilla	Mozilla	2.18 (including)	2.18 (including)
Bugzilla	Mozilla	2.18-rc1 (including)	2.18-rc1 (including)
Bugzilla	Mozilla	2.18-rc2 (including)	2.18-rc2 (including)
Bugzilla	Mozilla	2.18-rc3 (including)	2.18-rc3 (including)
Bugzilla	Mozilla	2.18.1 (including)	2.18.1 (including)
Bugzilla	Mozilla	2.18.2 (including)	2.18.2 (including)
Bugzilla	Mozilla	2.18.3 (including)	2.18.3 (including)
Bugzilla	Mozilla	2.18.4 (including)	2.18.4 (including)
Bugzilla	Mozilla	2.18.5 (including)	2.18.5 (including)
Bugzilla	Mozilla	2.18.6 (including)	2.18.6 (including)
Bugzilla	Mozilla	2.18.6+ (including)	2.18.6+ (including)
Bugzilla	Mozilla	2.19 (including)	2.19 (including)
Bugzilla	Mozilla	2.19.1 (including)	2.19.1 (including)
Bugzilla	Mozilla	2.19.2 (including)	2.19.2 (including)
Bugzilla	Mozilla	2.19.3 (including)	2.19.3 (including)
Bugzilla	Mozilla	2.20 (including)	2.20 (including)
Bugzilla	Mozilla	2.20-rc1 (including)	2.20-rc1 (including)
Bugzilla	Mozilla	2.20-rc2 (including)	2.20-rc2 (including)
Bugzilla	Mozilla	2.20.1 (including)	2.20.1 (including)
Bugzilla	Mozilla	2.20.2 (including)	2.20.2 (including)
Bugzilla	Mozilla	2.20.3 (including)	2.20.3 (including)
Bugzilla	Mozilla	2.20.4 (including)	2.20.4 (including)
Bugzilla	Mozilla	2.20.5 (including)	2.20.5 (including)
Bugzilla	Mozilla	2.20.6 (including)	2.20.6 (including)
Bugzilla	Mozilla	2.20.7 (including)	2.20.7 (including)
Bugzilla	Mozilla	2.21 (including)	2.21 (including)
Bugzilla	Mozilla	2.21.1 (including)	2.21.1 (including)
Bugzilla	Mozilla	2.21.2 (including)	2.21.2 (including)
Bugzilla	Mozilla	2.22 (including)	2.22 (including)
Bugzilla	Mozilla	2.22-rc1 (including)	2.22-rc1 (including)
Bugzilla	Mozilla	2.22.1 (including)	2.22.1 (including)
Bugzilla	Mozilla	2.22.2 (including)	2.22.2 (including)
Bugzilla	Mozilla	2.22.3 (including)	2.22.3 (including)
Bugzilla	Mozilla	2.22.4 (including)	2.22.4 (including)
Bugzilla	Mozilla	2.22.5 (including)	2.22.5 (including)
Bugzilla	Mozilla	2.22.6 (including)	2.22.6 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-4568
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References