CVE-2008-2104

Severity

40%

Complexity

80%

Confidentiality

48%

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).

Overview

First reported 16 years ago

2008-05-07 20:20:00

Last updated 7 years ago

2017-08-08 01:30:00

Affected Software

Mozilla Bugzilla 3.1.3

3.1.3

References

30064

Vendor Advisory

http://www.bugzilla.org/security/2.20.5/

29038

1019968

ADV-2008-1428

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=415471

bugzilla-xmlrpc-security-bypass(42218)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.