FreeBSD 6E33F4AB-EFED-11D9-8310-0001020EED82
Jul 07, 2005 - 12:00 a.m.

bugzilla -- multiple vulnerabilities

2005-07-07 00:00:00
vuxml.freebsd.org

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 47.7%

A Bugzilla Security Advisory reports:

Any user can change any flag on any bug, even if they
don’t have access to that bug, or even if they can’t
normally make bug changes. This also allows them to expose
the summary of a bug.

Bugs are inserted into the database before they are
marked as private, in Bugzilla code. Thus, MySQL
replication can lag in between the time that the bug is
inserted and when it is marked as private (usually less
than a second). If replication lags at this point, the bug
summary will be accessible to all users until replication
catches up. Also, on a very slow machine, there may be a
pause longer than a second that allows users to see the
title of the newly-filed bug.
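
The insert-then-mark-private ordering the advisory describes, replayed against a lagging replica, next to a single-transaction ordering. This is an added example, not Bugzilla's code or its actual fix; the two-table schema, the group name and the replay model are simplified assumptions, and the summary is constructed.

```python
import sqlite3

# Simplified, assumed schema: a bug is private when it has a restriction row.
SCHEMA = """
CREATE TABLE bugs (bug_id INTEGER PRIMARY KEY, summary TEXT);
CREATE TABLE bug_restrictions (bug_id INTEGER, group_name TEXT);
"""

def new_replica():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def public_summaries(db):
    """Summaries a user in no group can read: bugs with no restriction row."""
    rows = db.execute(
        "SELECT summary FROM bugs WHERE bug_id NOT IN "
        "(SELECT bug_id FROM bug_restrictions) ORDER BY bug_id")
    return [r[0] for r in rows]

def exposed_during_replay(commit_units):
    """Apply committed units to a fresh replica one at a time, as a lagging
    replica would, and collect every summary that was publicly readable
    after any unit was applied."""
    replica, seen = new_replica(), set()
    for unit in commit_units:
        with replica:  # one unit = one atomic transaction on the replica
            for sql, params in unit:
                replica.execute(sql, params)
        seen.update(public_summaries(replica))
    return seen

# Constructed sample rows.
INSERT = ("INSERT INTO bugs VALUES (?, ?)", (1, "constructed private summary"))
RESTRICT = ("INSERT INTO bug_restrictions VALUES (?, ?)", (1, "security"))

# Ordering from the advisory: the bug row commits first and the restriction
# arrives as a later, separate unit, so a replica can sit between the two.
INSERT_THEN_RESTRICT = [[INSERT], [RESTRICT]]
# Hardened ordering: both rows travel in one transaction, so no replica
# state exists in which the bug is present but unrestricted.
ATOMIC = [[INSERT, RESTRICT]]

if __name__ == "__main__":
    print("separate commits:", exposed_during_replay(INSERT_THEN_RESTRICT))
    print("single transaction:", exposed_during_replay(ATOMIC))
```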
