bugzilla -- multiple vulnerabilities

2007-08-2300:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON

A Bugzilla Security Advisory reports:

This advisory covers three security issues that have recently been
fixed in the Bugzilla code:

A possible cross-site scripting (XSS) vulnerability when filing
bugs using the guided form.
When using email_in.pl, insufficiently escaped data may be
passed to sendmail.
Users using the WebService interface may access Bugzilla’s
time-tracking fields even if they normally cannot see them.

We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchbugzilla= 2.20.*UNKNOWN
FreeBSDanynoarchbugzilla< 2.22.3UNKNOWN
FreeBSDanynoarchja-bugzilla= 2.20.*UNKNOWN
FreeBSDanynoarchja-bugzilla< 2.22.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	bugzilla	= 2.20.*	UNKNOWN
FreeBSD	any	noarch	bugzilla	< 2.22.3	UNKNOWN
FreeBSD	any	noarch	ja-bugzilla	= 2.20.*	UNKNOWN
FreeBSD	any	noarch	ja-bugzilla	< 2.22.3	UNKNOWN