A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to. This security bug has been published as CVE-2018-5123.
This updates contains Bugzilla 5.0.4, which fixes the issue.
sudo dnf upgrade --advisory=FEDORA-2018-1e0e37e148
Please login to add feedback.