Lucene search

[email protected]NVD:CVE-2008-6098

HistoryFeb 09, 2009 - 6:30 p.m.

CVE-2008-6098

2009-02-0918:30:00

CWE-264

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to “approve.”

Affected configurations

NVD

Node

mozillabugzillaMatch2.17.4

mozillabugzillaMatch2.17.5

mozillabugzillaMatch2.17.6

mozillabugzillaMatch2.17.7

mozillabugzillaMatch2.18

mozillabugzillaMatch2.18rc1

mozillabugzillaMatch2.18rc2

mozillabugzillaMatch2.18rc3

mozillabugzillaMatch2.18.1

mozillabugzillaMatch2.18.2

mozillabugzillaMatch2.18.3

mozillabugzillaMatch2.18.4

mozillabugzillaMatch2.18.5

mozillabugzillaMatch2.18.6

mozillabugzillaMatch2.18.7

mozillabugzillaMatch2.18.8

mozillabugzillaMatch2.18.9

mozillabugzillaMatch2.19

mozillabugzillaMatch2.19.1

mozillabugzillaMatch2.19.2

mozillabugzillaMatch2.19.3

mozillabugzillaMatch2.20

mozillabugzillaMatch2.20rc1

mozillabugzillaMatch2.20rc2

mozillabugzillaMatch2.20.1

mozillabugzillaMatch2.20.2

mozillabugzillaMatch2.20.3

mozillabugzillaMatch2.20.4

mozillabugzillaMatch2.20.5

mozillabugzillaMatch2.20.6

mozillabugzillaMatch2.21

mozillabugzillaMatch2.21.1

mozillabugzillaMatch2.21.2

mozillabugzillaMatch2.22

mozillabugzillaMatch2.22rc1

mozillabugzillaMatch2.22.1

mozillabugzillaMatch2.22.2

mozillabugzillaMatch2.22.3

mozillabugzillaMatch2.22.4

mozillabugzillaMatch2.22.5

mozillabugzillaMatch2.22.6

mozillabugzillaMatch2.23

mozillabugzillaMatch2.23.1

mozillabugzillaMatch2.23.2

mozillabugzillaMatch2.23.3

mozillabugzillaMatch2.23.4

mozillabugzillaMatch3.0.0

mozillabugzillaMatch3.0.1

mozillabugzillaMatch3.0.2

mozillabugzillaMatch3.0.3

mozillabugzillaMatch3.0.4

mozillabugzillaMatch3.0.5

mozillabugzillaMatch3.0.6

mozillabugzillaMatch3.0.7

mozillabugzillaMatch3.0_rc1

mozillabugzillaMatch3.1.0

mozillabugzillaMatch3.1.1

mozillabugzillaMatch3.1.2

mozillabugzillaMatch3.1.3

mozillabugzillaMatch3.1.4

mozillabugzillaMatch3.2

mozillabugzillaMatch3.2.1

mozillabugzillaMatch3.3.1

mozillabugzillaMatch3.3.2

References

secunia.com/advisories/32501

secunia.com/advisories/34361

www.bugzilla.org/security/2.20.6/

www.securityfocus.com/bid/32178

bugzilla.mozilla.org/show_bug.cgi?id=449931

exchange.xforce.ibmcloud.com/vulnerabilities/46424

www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for NVD:CVE-2008-6098

prion1 cve1 cvelist1 ubuntucve1 nessus3 openvas6 fedora2 gentoo1