VuXML ID | Description |
09c87973-8b9d-11e1-b393-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
Unauthorized Access
Due to a lack of proper validation of the X-FORWARDED-FOR
header of an authentication request, an attacker could bypass
the current lockout policy used for protection against brute-
force password discovery. This vulnerability can only be
exploited if the 'inbound_proxies' parameter is set.
Cross Site Scripting
A JavaScript template used by buglist.cgi could be used
by a malicious script to permit an attacker to gain access
to some information about bugs he would not normally be
allowed to see, using the victim's credentials. To be
exploitable, the victim must be logged in when visiting
the attacker's malicious page.
All affected installations are encouraged to upgrade as soon
as possible.
Discovery 2012-04-18 Entry 2012-04-21 bugzilla
ge 3.6.0 lt 3.6.9
ge 4.0.0 lt 4.0.6
CVE-2012-0465
CVE-2012-0466
https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
|
0c7a3ee2-3654-11e1-b404-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in Bugzilla:
- Tabular and graphical reports, as well as new charts have
a debug mode which displays raw data as plain text. This
text is not correctly escaped and a crafted URL could use
this vulnerability to inject code leading to XSS.
- The User.offer_account_by_email WebService method ignores
the user_can_create_account setting of the authentication
method and generates an email with a token in it which the
user can use to create an account. Depending on the
authentication method being active, this could allow the
user to log in using this account.
Installations where the createemailregexp parameter is
empty are not vulnerable to this issue.
- The creation of bug reports and of attachments is not
protected by a token and so they can be created without the
consent of a user if the relevant code is embedded in an
HTML page and the user visits this page. This behavior was
intentional to let third-party applications submit new bug
reports and attachments easily. But as this behavior can be
abused by a malicious user, it has been decided to block
submissions with no valid token starting from version 4.2rc1.
Older branches are not patched to not break these third-party
applications after the upgrade.
All affected installations are encouraged to upgrade as soon
as possible.
Discovery 2011-11-28 Entry 2012-01-05 bugzilla
ge 2.4.* lt 3.6.7
ge 4.0.* lt 4.0.3
CVE-2011-3657
CVE-2011-3667
CVE-2011-3668
CVE-2011-3669
https://bugzilla.mozilla.org/show_bug.cgi?id=697699
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
https://bugzilla.mozilla.org/show_bug.cgi?id=703975
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
|
1c8a039b-7b23-11e2-b17b-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
Cross-Site Scripting
When viewing a single bug report, which is the default,
the bug ID is validated and rejected if it is invalid.
But when viewing several bug reports at once, which is
specified by the format=multiple parameter, invalid bug
IDs can go through and are sanitized in the HTML page
itself. But when an invalid page format is passed to the
CGI script, the wrong HTML page is called and data are not
correctly sanitized, which can lead to XSS.
Information Leak
When running a query in debug mode, the generated SQL
query used to collect the data is displayed. The way this
SQL query is built permits the user to determine if some
confidential field value (such as a product name) exists.
This problem only affects Bugzilla 4.0.9 and older. Newer
releases are not affected by this issue.
Discovery 2013-02-19 Entry 2013-02-20 Modified 2013-03-31 bugzilla
de-bugzilla
ru-bugzilla
ja-bugzilla
ge 3.6.0 lt 3.6.13
ge 4.0.0 lt 4.0.10
ge 4.2.0 lt 4.2.5
CVE-2013-0785
https://bugzilla.mozilla.org/show_bug.cgi?id=842038
CVE-2013-0786
https://bugzilla.mozilla.org/show_bug.cgi?id=824399
|
1d96305d-6ae6-11dd-91d5-000c29d47fd7 | Bugzilla -- Directory Traversal in importxml.pl
A Bugzilla Security Advisory reports:
When importing bugs using importxml.pl, the --attach_path
option can be specified, pointing to the directory where
attachments to import are stored. If the XML file being
read by importxml.pl contains a malicious
../relative_path/to/local_file
node, the script follows this relative path and attaches the
referenced local file to the bug, making the file public.
The security fix makes sure the relative path is always
ignored.
Discovery 2008-06-03 Entry 2008-08-15 Modified 2010-05-12 bugzilla
ja-bugzilla
ge 2.22.1 lt 2.22.4
ge 3.* lt 3.0.4
CVE-2008-4437
https://bugzilla.mozilla.org/show_bug.cgi?id=437169
|
2b841f88-2e8d-11e2-ad21-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
Information Leak
If the visibility of a custom field is controlled by a product
or a component of a product you cannot see, their names are
disclosed in the JavaScript code generated for this custom field
even though they should remain confidential.
Calling the User.get method with a 'groups' argument leaks the
existence of the groups depending on whether an error is thrown
or not. This method now also throws an error if the user calling
this method does not belong to these groups (independently of
whether the groups exist or not).
Trying to mark an attachment in a bug you cannot see as obsolete
discloses its description in the error message. The description
of the attachment is now removed from the error message.
Cross-Site Scripting
Due to incorrectly filtered field values in tabular reports,
it is possible to inject code leading to XSS.
A vulnerability in swfstore.swf from YUI2 allows JavaScript
injection exploits to be created against domains that host this
affected YUI .swf file.
Discovery 2012-11-13 Entry 2012-11-14 Modified 2012-11-27 bugzilla
ge 3.6.0 lt 3.6.12
ge 4.0.0 lt 4.0.9
ge 4.2.0 lt 4.2.4
CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-5881
CVE-2012-5882
CVE-2012-5883
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
|
309542b5-50b9-11e1-b0d8-00151735203a | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
- Account Impersonation:
When a user creates a new account, Bugzilla doesn't correctly
reject email addresses containing non-ASCII characters, which
could be used to impersonate another user account. Such email
addresses could look visually identical to other valid email
addresses, and an attacker could try to confuse other users
and be added to bugs he shouldn't have access to.
- Cross-Site Request Forgery:
Due to a lack of validation of the Content-Type header when
making POST requests to jsonrpc.cgi, a possible CSRF
vulnerability was discovered. If a user visits an HTML page
with some malicious JS code in it, an attacker could make
changes to a remote Bugzilla installation on behalf of the
victim's account by using the JSON-RPC API. The user would
have had to be already logged in to the target site for the
vulnerability to work.
All affected installations are encouraged to upgrade as soon as
possible.
Discovery 2012-01-31 Entry 2012-02-06 bugzilla
ge 2.4.* lt 3.6.8
ge 4.0.* lt 4.0.4
CVE-2012-0448
CVE-2012-0440
https://bugzilla.mozilla.org/show_bug.cgi?id=714472
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
|
46f7b598-a781-11da-906a-fde5cdde365e | bugzilla -- multiple vulnerabilities
Some vulnerabilities have been reported in Bugzilla,
which can be exploited by malicious users to conduct SQL injection
attacks, and by malicious people to disclose sensitive information
and conduct script insertion attacks.
Discovery 2006-02-20 Entry 2006-02-27 Modified 2006-11-11 bugzilla
ja-bugzilla
ge 2.17.1 lt 2.20.1
CVE-2006-2420
CVE-2006-0916
CVE-2006-0915
CVE-2006-0914
CVE-2006-0913
http://www.bugzilla.org/security/2.18.4/
|
58253655-d82c-11e1-907c-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
Information Leak
Versions: 4.1.1 to 4.2.1, 4.3.1
In HTML bugmails, all bug IDs and attachment IDs are
linkified, and hovering these links displays a tooltip
with the bug summary or the attachment description if
the user is allowed to see the bug or attachment.
But when validating user permissions when generating the
email, the permissions of the user who edited the bug were
taken into account instead of the permissions of the
addressee. This means that confidential information could
be disclosed to the addressee if the other user has more
privileges than the addressee.
Plain text bugmails are not affected as bug and attachment
IDs are not linkified.
Information Leak
Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to
4.2.1, 4.3.1
The description of a private attachment could be visible
to a user who doesn't have permission to access this attachment
if the attachment ID is mentioned in a public comment in
a bug that the user can see.
Discovery 2012-07-26 Entry 2012-07-27 bugzilla
ge 3.6.0 lt 3.6.10
ge 4.0.0 lt 4.0.7
ge 4.2.0 lt 4.2.2
CVE-2012-1968
CVE-2012-1969
https://bugzilla.mozilla.org/show_bug.cgi?id=777398
https://bugzilla.mozilla.org/show_bug.cgi?id=777586
|
696053c6-0f50-11df-a628-001517351c22 | bugzilla -- information leak
A Bugzilla Security Advisory reports:
When moving a bug from one product to another, an intermediate
page is displayed letting you select the groups the bug should
be restricted to in the new product. However, a regression in
the 3.4.x series made it ignore all groups which are not
available in both products. As a workaround, you had to move
the bug to the new product first and then restrict it to the
desired groups, in two distinct steps, which could make the bug
temporarily public.
Discovery 2010-01-31 Entry 2010-02-01 bugzilla
gt 3.3.1 lt 3.4.5
CVE-2009-3387
http://www.bugzilla.org/security/3.0.10/
|
6ad18fe5-f469-11e1-920d-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
LDAP Injection
When the user logs in using LDAP, the username is not
escaped when building the uid=$username filter which is
used to query the LDAP directory. This could potentially
lead to LDAP injection.
Directory Browsing
Extensions are not protected against directory browsing
and users can access the source code of the templates
which may contain sensitive data.
Directory browsing is blocked in Bugzilla 4.3.3 only,
because it requires a configuration change in the Apache
httpd.conf file to allow local .htaccess files to use
Options -Indexes. To not break existing installations,
this fix has not been backported to stable branches.
The access to templates is blocked for all supported
branches except the old 3.6 branch, because this branch
doesn't have .htaccess in the bzr repository and cannot
be fixed easily for existing installations without
potentially conflicting with custom changes.
Discovery 2012-08-30 Entry 2012-09-01 bugzilla
ge 3.6.0 lt 3.6.11
ge 4.0.0 lt 4.0.8
ge 4.2.0 lt 4.2.3
CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
|
6d68618a-7199-11db-a2ad-000c6ec775d9 | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
- Sometimes the information put into the
and
tags in Bugzilla was not properly escaped,
leading to a possible XSS vulnerability.
- Bugzilla administrators were allowed to put raw,
unfiltered HTML into many fields in Bugzilla, leading to
a possible XSS vulnerability. Now, the HTML allowed in
those fields is limited.
- attachment.cgi could leak the names of private
attachments
- The "deadline" field was visible in the XML format of
a bug, even to users who were not a member of the
"timetrackinggroup."
- A malicious user could pass a URL to an admin, and
make the admin delete or change something that he had
not intended to delete or change.
- It is possible to inject arbitrary HTML into the
showdependencygraph.cgi page, allowing for a cross-site
scripting attack.
Discovery 2006-10-15 Entry 2006-11-11 bugzilla
ja-bugzilla
gt 2.* lt 2.22.1
CVE-2006-5453
CVE-2006-5454
CVE-2006-5455
http://www.bugzilla.org/security/2.18.5/
|
6e33f4ab-efed-11d9-8310-0001020eed82 | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
Any user can change any flag on any bug, even if they
don't have access to that bug, or even if they can't
normally make bug changes. This also allows them to expose
the summary of a bug.
Bugs are inserted into the database before they are
marked as private, in Bugzilla code. Thus, MySQL
replication can lag in between the time that the bug is
inserted and when it is marked as private (usually less
than a second). If replication lags at this point, the bug
summary will be accessible to all users until replication
catches up. Also, on a very slow machine, there may be a
pause longer than a second that allows users to see the
title of the newly-filed bug.
Discovery 2005-07-07 Entry 2005-07-08 Modified 2005-07-18 bugzilla
ja-bugzilla
ge 2.17.1 lt 2.18.2
http://www.bugzilla.org/security/2.18.1/
https://bugzilla.mozilla.org/show_bug.cgi?id=292544
CVE-2005-2173
CVE-2005-2174
https://bugzilla.mozilla.org/show_bug.cgi?id=293159
|
75231c63-f6a2-499d-8e27-787773bda284 | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
- A possible cross-site scripting (XSS) vulnerability when filing
bugs using the guided form.
- When using email_in.pl, insufficiently escaped data may be
passed to sendmail.
- Users using the WebService interface may access Bugzilla's
time-tracking fields even if they normally cannot see them.
We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.
Discovery 2007-08-23 Entry 2007-09-21 bugzilla
ja-bugzilla
ge 2.20.* lt 2.22.3
ge 3.* lt 3.0.1
25425
CVE-2007-4538
CVE-2007-4539
CVE-2007-4543
http://www.bugzilla.org/security/2.20.4/
|
7f448dc1-82ca-11e1-b393-20cf30e32f6d | bugzilla Cross-Site Request Forgery
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
- Due to a lack of validation of the enctype form attribute
when making POST requests to xmlrpc.cgi, a possible CSRF
vulnerability was discovered. If a user visits an HTML page
with some malicious HTML code in it, an attacker could make
changes to a remote Bugzilla installation on behalf of the
victim's account by using the XML-RPC API on a site running
mod_perl. Sites running under mod_cgi are not affected.
Also, the user would have had to be already logged in to the
target site for the vulnerability to work.
All affected installations are encouraged to upgrade as soon
as possible.
Discovery 2012-02-22 Entry 2012-04-10 bugzilla
ge 4.0.0 lt 4.0.5
CVE-2012-0453
https://bugzilla.mozilla.org/show_bug.cgi?id=725663
|
8cbf4d65-af9a-11df-89b8-00151735203a | bugzilla -- information disclosure, denial of service
A Bugzilla Security Advisory reports:
- Remote Information Disclosure:
An unprivileged user is normally not allowed to view
other users' group membership. But boolean charts
let the user use group-based pronouns, indirectly
disclosing group membership. This security fix
restricts the use of pronouns to groups the user
belongs to.
- Notification Bypass:
Normally, when a user is impersonated, he receives
an email informing him that he is being impersonated,
containing the identity of the impersonator. However,
it was possible to impersonate a user without this
notification being sent.
- Remote Information Disclosure:
An error message thrown by the "Reports" and "Duplicates"
page confirmed the non-existence of products, thus
allowing users to guess confidential product names.
(Note that the "Duplicates" page was not vulnerable
in Bugzilla 3.6rc1 and above though.)
- Denial of Service:
If a comment contained the phrases "bug X" or
"attachment X", where X was an integer larger than the
maximum 32-bit signed integer size, PostgreSQL would
throw an error, and any page containing that comment would
not be viewable. On most Bugzillas, any user can enter
a comment on any bug, so any user could have used this to
deny access to one or all bugs. Bugzillas running on
databases other than PostgreSQL are not affected.
Discovery 2010-08-05 Entry 2010-08-24 bugzilla
gt 2.17.1 lt 3.6.2
CVE-2010-2756
CVE-2010-2757
CVE-2010-2758
CVE-2010-2759
https://bugzilla.mozilla.org/show_bug.cgi?id=417048
https://bugzilla.mozilla.org/show_bug.cgi?id=450013
https://bugzilla.mozilla.org/show_bug.cgi?id=577139
https://bugzilla.mozilla.org/show_bug.cgi?id=519835
https://bugzilla.mozilla.org/show_bug.cgi?id=583690
|
92ca92c1-d859-11de-89f9-001517351c22 | bugzilla -- information leak
A Bugzilla Security Advisory reports:
When a bug is in a group, none of its information
(other than its status and resolution) should be visible
to users outside that group. It was discovered that
as of 3.3.2, Bugzilla was showing the alias of the bug
(a very short string used as a shortcut for looking up
the bug) to users outside of the group, if the protected
bug ended up in the "Depends On" or "Blocks" list of any
other bug.
Discovery 2009-11-18 Entry 2009-11-23 bugzilla
gt 3.3.1 lt 3.4.4
CVE-2009-3386
http://www.bugzilla.org/security/3.4.3/
|
97c3a452-6e36-11d9-8324-000a95bc6fae | bugzilla -- cross-site scripting vulnerability
A Bugzilla advisory states:
This advisory covers a single cross-site scripting issue
that has recently been discovered and fixed in the
Bugzilla code: If a malicious user links to a Bugzilla
site using a specially crafted URL, a script in the error
page generated by Bugzilla will display the URL unaltered
in the page, allowing scripts embedded in the URL to
execute.
Discovery 2004-12-01 Entry 2005-01-24 bugzilla
ja-bugzilla
lt 2.16.8
ge 2.17.* lt 2.18
CVE-2004-1061
http://www.bugzilla.org/security/2.16.7-nr/
https://bugzilla.mozilla.org/show_bug.cgi?id=272620
|
b9ec7fe3-a38a-11de-9c6b-003048818f40 | bugzilla -- two SQL injections, sensitive data exposure
A Bugzilla Security Advisory reports:
- It is possible to inject raw SQL into the Bugzilla
database via the "Bug.create" and "Bug.search" WebService
functions.
- When a user would change his password, his new password would
be exposed in the URL field of the browser if he logged in right
after changing his password.
Discovery 2009-09-11 Entry 2009-09-17 bugzilla
gt 3.3.1 lt 3.4.2
CVE-2009-3125
CVE-2009-3165
CVE-2009-3166
http://www.bugzilla.org/security/3.0.8/
|
c8c927e5-2891-11e0-8f26-00151735203a | bugzilla -- multiple serious vulnerabilities
A Bugzilla Security Advisory reports:
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
- A weakness in Bugzilla could allow a user to gain unauthorized
access to another Bugzilla account.
- A weakness in the Perl CGI.pm module allows injecting HTTP
headers and content to users via several pages in Bugzilla.
- If you put a harmful "javascript:" or "data:" URL into
Bugzilla's "URL" field, then there are multiple situations in
which Bugzilla will unintentionally make that link clickable.
- Various pages lack protection against cross-site request
forgeries.
All affected installations are encouraged to upgrade as soon as
possible.
Discovery 2011-01-24 Entry 2011-01-25 bugzilla
ge 2.14.* lt 3.6.4
25425
CVE-2010-4568
CVE-2010-2761
CVE-2010-4411
CVE-2010-4572
CVE-2010-4567
CVE-2010-0048
CVE-2011-0046
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
https://bugzilla.mozilla.org/show_bug.cgi?id=591165
https://bugzilla.mozilla.org/show_bug.cgi?id=621572
https://bugzilla.mozilla.org/show_bug.cgi?id=619588
https://bugzilla.mozilla.org/show_bug.cgi?id=628034
https://bugzilla.mozilla.org/show_bug.cgi?id=621090
https://bugzilla.mozilla.org/show_bug.cgi?id=621105
https://bugzilla.mozilla.org/show_bug.cgi?id=621107
https://bugzilla.mozilla.org/show_bug.cgi?id=621108
https://bugzilla.mozilla.org/show_bug.cgi?id=621109
https://bugzilla.mozilla.org/show_bug.cgi?id=621110
|
d67b517d-8214-11de-88ea-001a4d49522b | bugzilla -- product name information leak
A Bugzilla Security Advisory reports:
Normally, users are only supposed to see products that
they can file bugs against in the "Product" drop-down on
the bug-editing page. Instead, users were being shown all
products, even those that they normally could not see. Any
user who could edit any bug could see all product
names.
Discovery 2009-07-30 Entry 2009-08-05 bugzilla
gt 3.3.4 lt 3.4.1
http://www.bugzilla.org/security/3.4/
|
dc8741b9-c5d5-11e0-8a8e-00151735203a | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in Bugzilla:
- Internet Explorer 8 and older, and Safari before 5.0.6 do
content sniffing when viewing a patch in "Raw Unified" mode,
which could trigger a cross-site scripting attack due to
the execution of malicious code in the attachment.
- It is possible to determine whether or not certain group
names exist while creating or updating bugs.
- Attachment descriptions with a newline in them could lead
to the injection of crafted headers in email notifications sent
to the requestee or the requester when editing an attachment
flag.
- If an attacker has access to a user's session, he can modify
that user's email address without that user being notified
of the change.
- Temporary files for uploaded attachments are not deleted
on Windows, which could let a user with local access to
the server read them.
- Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised,
it can be used to inject HTML code when viewing a bug report,
leading to a cross-site scripting attack.
All affected installations are encouraged to upgrade as soon as
possible.
Discovery 2011-08-04 Entry 2011-08-13 bugzilla
ge 2.4.* lt 3.6.6
ge 4.0.* lt 4.0.2
CVE-2011-2379
CVE-2011-2380
CVE-2011-2979
CVE-2011-2381
CVE-2011-2978
CVE-2011-2977
CVE-2011-2976
https://bugzilla.mozilla.org/show_bug.cgi?id=637981
https://bugzilla.mozilla.org/show_bug.cgi?id=653477
https://bugzilla.mozilla.org/show_bug.cgi?id=674497
https://bugzilla.mozilla.org/show_bug.cgi?id=657158
https://bugzilla.mozilla.org/show_bug.cgi?id=670868
https://bugzilla.mozilla.org/show_bug.cgi?id=660502
https://bugzilla.mozilla.org/show_bug.cgi?id=660053
|
e135f0c9-375f-11e3-80b7-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
Cross-Site Request Forgery
When a user submits changes to a bug right after another
user did, a midair collision page is displayed to inform
the user about changes recently made. This page contains
a token which can be used to validate the changes if the
user decides to submit his changes anyway. A regression
in Bugzilla 4.4 caused this token to be recreated if a
crafted URL was given, even when no midair collision page
was going to be displayed, allowing an attacker to bypass
the token check and abuse a user to commit changes on his
behalf.
Cross-Site Request Forgery
When an attachment is edited, a token is generated to
validate changes made by the user. Using a crafted URL,
an attacker could force the token to be recreated,
allowing him to bypass the token check and abuse a user
to commit changes on his behalf.
Cross-Site Scripting
Some parameters passed to editflagtypes.cgi were not
correctly filtered in the HTML page, which could lead
to XSS.
Cross-Site Scripting
Due to an incomplete fix for CVE-2012-4189, some
incorrectly filtered field values in tabular reports
could lead to XSS.
Discovery 2013-10-16 Entry 2013-10-17 Modified 2014-04-30 bugzilla
ge 4.0.0 lt 4.0.11
bugzilla40
ge 4.0.0 lt 4.0.11
bugzilla42
ge 4.2.0 lt 4.2.7
bugzilla44
ge 4.4 lt 4.4.1
CVE-2013-1733
https://bugzilla.mozilla.org/show_bug.cgi?id=911593
CVE-2013-1734
https://bugzilla.mozilla.org/show_bug.cgi?id=913904
CVE-2013-1742
https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1743
https://bugzilla.mozilla.org/show_bug.cgi?id=924932
|
f1331504-8849-11df-89b8-00151735203a | bugzilla -- information disclosure
A Bugzilla Security Advisory reports:
- Normally, information about time-tracking (estimated
hours, actual hours, hours worked, and deadlines) is
restricted to users in the "time-tracking group".
However, any user was able, by crafting their own
search URL, to search for bugs using those
fields as criteria, thus possibly exposing sensitive
time-tracking information by a user seeing that a bug
matched their search.
- If $use_suexec was set to "1" in the localconfig file,
then the localconfig file's permissions were set as
world-readable by checksetup.pl. This allowed any user
with local shell access to see the contents of the file,
including the database password and the site_wide_secret
variable used for CSRF protection.
Discovery 2010-06-24 Entry 2010-07-05 bugzilla
gt 2.17.1 lt 3.6.1
CVE-2010-1204
CVE-2010-0180
https://bugzilla.mozilla.org/show_bug.cgi?id=309952
https://bugzilla.mozilla.org/show_bug.cgi?id=561797
|
f8d3689e-6770-11dc-8be8-02e0185f8d72 | bugzilla -- "createemailregexp" security bypass vulnerability
The Bugzilla development team reports:
Bugzilla::WebService::User::offer_account_by_email does
not check the "createemailregexp" parameter, and thus
allows users to create accounts who would normally be
denied account creation. The "emailregexp" parameter is
still checked. If you do not have the SOAP::Lite Perl
module installed on your Bugzilla system, your system is
not vulnerable (because the Bugzilla WebService will not
be enabled).
Discovery 2007-09-18 Entry 2007-09-20 Modified 2010-05-12 bugzilla
ge 3.* lt 3.0.2
CVE-2007-5038
http://www.bugzilla.org/security/3.0.1/
|