5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.04 Low
EPSS
Percentile
92.0%
A Bugzilla Security Advisory reports:
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
A possible cross-site scripting (XSS) vulnerability when filing
bugs using the guided form.
When using email_in.pl, insufficiently escaped data may be
passed to sendmail.
Users using the WebService interface may access Bugzilla’s
time-tracking fields even if they normally cannot see them.
We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.