CVE-2008-2104

2008-05-0720:07:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

References

secunia.com/advisories/30064

www.bugzilla.org/security/2.20.5/

www.securityfocus.com/bid/29038

www.securitytracker.com/id?1019968

www.vupen.com/english/advisories/2008/1428/references

bugzilla.mozilla.org/show_bug.cgi?id=415471

exchange.xforce.ibmcloud.com/vulnerabilities/42218