View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2012-0440 low priority: Ubuntu including 1 source packages (bugzilla), 9 status rows across 9 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, upstream): ignored 4, DNE 3, needs-triage 1, not-affected 1.
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.