bugzilla -- "createemailregexp" security bypass vulnerability

2007-09-18T00:00:00
ID F8D3689E-6770-11DC-8BE8-02E0185F8D72
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00

Description

The Bugzilla development team reports:

Bugzilla::WebService::User::offer_account_by_email does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still checked. If you do not have the SOAP::Lite Perl module installed on your Bugzilla system, your system is not vulnerable (because the Bugzilla WebService will not be enabled).
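
The gap described above, as an added example that is not Bugzilla's own code: a simplified Perl model in which one entry point consults only "emailregexp", next to a single policy function that applies both parameters, plus an audit helper that lists logins falling into the difference. The function names, both regular expressions (including their case-insensitive matching) and the login list are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample values, not taken from any real installation.
my $emailregexp       = qr/^[\w.+-]+\@[\w.-]+\.[a-z]{2,}$/i;  # is this a usable address?
my $createemailregexp = qr/\@example\.com$/i;                 # who may self-register?

# Model of the flawed path the advisory describes: only "emailregexp" is consulted.
# (Hypothetical function name; this is not the WebService source.)
sub webservice_check_flawed {
    my ($login) = @_;
    return $login =~ $emailregexp ? 1 : 0;
}

# One policy function that every account-creation entry point calls,
# so a new interface cannot silently skip one of the two parameters.
sub may_self_register {
    my ($login) = @_;
    return 0 unless $login =~ $emailregexp;        # syntactic check
    return 0 unless $login =~ $createemailregexp;  # account-creation policy
    return 1;
}

# Audit helper: logins the flawed path accepts although the policy denies them.
sub policy_gap {
    my (@logins) = @_;
    return grep { webservice_check_flawed($_) && !may_self_register($_) } @logins;
}

# Constructed list standing in for an export of existing account logins.
my @logins = (
    'alice@example.com',
    'bob@elsewhere.test',
    'not-an-address',
    'carol@EXAMPLE.com',
);

# With the sample data above, only bob@elsewhere.test is reported.
print "review: $_\n" for policy_gap(@logins);
```

A reported login is a candidate for review rather than proof of abuse, since an account outside the self-registration pattern may have been created by some other route.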