7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
89.9%
Bugzilla Security Advisory
Login names (usually an email address) longer than 127
characters are silently truncated in MySQL which could
cause the domain name of the email address to be
corrupted. An attacker could use this vulnerability to
create an account with an email address different from the
one originally requested. The login name could then be
automatically added to groups based on the group’s regular
expression setting.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | bugzilla44 | < 4.4.10 | UNKNOWN |
FreeBSD | any | noarch | bugzilla50 | < 5.0.1 | UNKNOWN |