CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
71.1%
A Bugzilla Security Advisory reports:
It is possible to inject raw SQL into the Bugzilla
database via the “Bug.create” and “Bug.search” WebService
functions.
When a user would change his password, his new password would
be exposed in the URL field of the browser if he logged in right
after changing his password.