Lucene search

[email protected]NVD:CVE-2011-2978

HistoryAug 09, 2011 - 7:55 p.m.

CVE-2011-2978

2011-08-0919:55:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON

Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation.

Affected configurations

Nvd

Node

mozillabugzillaMatch2.16

mozillabugzillaMatch2.16rc1

mozillabugzillaMatch2.16.1

mozillabugzillaMatch2.16.2

mozillabugzillaMatch2.16.3

mozillabugzillaMatch2.16.4

mozillabugzillaMatch2.16.5

mozillabugzillaMatch2.16.6

mozillabugzillaMatch2.16.7

mozillabugzillaMatch2.16.8

mozillabugzillaMatch2.16.9

mozillabugzillaMatch2.16.10

mozillabugzillaMatch2.16.11

mozillabugzillaMatch2.17

mozillabugzillaMatch2.17.1

mozillabugzillaMatch2.17.3

mozillabugzillaMatch2.17.4

mozillabugzillaMatch2.17.5

mozillabugzillaMatch2.17.6

mozillabugzillaMatch2.17.7

mozillabugzillaMatch2.18

mozillabugzillaMatch2.18rc1

mozillabugzillaMatch2.18rc2

mozillabugzillaMatch2.18rc3

mozillabugzillaMatch2.18.1

mozillabugzillaMatch2.18.2

mozillabugzillaMatch2.18.3

mozillabugzillaMatch2.18.4

mozillabugzillaMatch2.18.5

mozillabugzillaMatch2.18.6

mozillabugzillaMatch2.19

mozillabugzillaMatch2.19.1

mozillabugzillaMatch2.19.2

mozillabugzillaMatch2.19.3

mozillabugzillaMatch2.20

mozillabugzillaMatch2.20rc1

mozillabugzillaMatch2.20rc2

mozillabugzillaMatch2.20.1

mozillabugzillaMatch2.20.2

mozillabugzillaMatch2.20.3

mozillabugzillaMatch2.20.4

mozillabugzillaMatch2.20.5

mozillabugzillaMatch2.20.6

mozillabugzillaMatch2.20.7

mozillabugzillaMatch2.21

mozillabugzillaMatch2.21.1

mozillabugzillaMatch2.21.2

mozillabugzillaMatch2.22

mozillabugzillaMatch2.22rc1

mozillabugzillaMatch2.22.1

mozillabugzillaMatch2.22.2

mozillabugzillaMatch2.22.3

mozillabugzillaMatch2.22.4

mozillabugzillaMatch2.22.5

mozillabugzillaMatch2.22.6

mozillabugzillaMatch2.22.7

Node

mozillabugzillaMatch3.0

mozillabugzillaMatch3.0rc1

mozillabugzillaMatch3.0.0

mozillabugzillaMatch3.0.1

mozillabugzillaMatch3.0.2

mozillabugzillaMatch3.0.3

mozillabugzillaMatch3.0.4

mozillabugzillaMatch3.0.5

mozillabugzillaMatch3.0.6

mozillabugzillaMatch3.0.7

mozillabugzillaMatch3.0.8

mozillabugzillaMatch3.0.9

mozillabugzillaMatch3.0.10

mozillabugzillaMatch3.0.11

mozillabugzillaMatch3.1.0

mozillabugzillaMatch3.1.1

mozillabugzillaMatch3.1.2

mozillabugzillaMatch3.1.3

mozillabugzillaMatch3.1.4

mozillabugzillaMatch3.2

mozillabugzillaMatch3.2rc1

mozillabugzillaMatch3.2rc2

mozillabugzillaMatch3.2.1

mozillabugzillaMatch3.2.2

mozillabugzillaMatch3.2.3

mozillabugzillaMatch3.2.4

mozillabugzillaMatch3.2.5

mozillabugzillaMatch3.2.6

mozillabugzillaMatch3.2.7

mozillabugzillaMatch3.2.8

mozillabugzillaMatch3.2.9

mozillabugzillaMatch3.2.10

mozillabugzillaMatch3.3

mozillabugzillaMatch3.3.1

mozillabugzillaMatch3.3.2

mozillabugzillaMatch3.3.3

mozillabugzillaMatch3.3.4

Node

mozillabugzillaMatch3.4

mozillabugzillaMatch3.4rc1

mozillabugzillaMatch3.4.1

mozillabugzillaMatch3.4.2

mozillabugzillaMatch3.4.3

mozillabugzillaMatch3.4.4

mozillabugzillaMatch3.4.5

mozillabugzillaMatch3.4.6

mozillabugzillaMatch3.4.7

mozillabugzillaMatch3.4.8

mozillabugzillaMatch3.4.9

mozillabugzillaMatch3.4.10

mozillabugzillaMatch3.4.11

Node

mozillabugzillaMatch3.5

mozillabugzillaMatch3.5.1

mozillabugzillaMatch3.5.2

mozillabugzillaMatch3.5.3

Node

mozillabugzillaMatch3.6

mozillabugzillaMatch3.6rc1

mozillabugzillaMatch3.6.0

mozillabugzillaMatch3.6.1

mozillabugzillaMatch3.6.2

mozillabugzillaMatch3.6.3

mozillabugzillaMatch3.6.4

mozillabugzillaMatch3.6.5

Node

mozillabugzillaMatch3.7

mozillabugzillaMatch3.7.1

mozillabugzillaMatch3.7.2

mozillabugzillaMatch3.7.3

Node

mozillabugzillaMatch4.0

mozillabugzillaMatch4.0rc1

mozillabugzillaMatch4.0rc2

mozillabugzillaMatch4.0.1

Node

mozillabugzillaMatch4.1

mozillabugzillaMatch4.1.1

mozillabugzillaMatch4.1.2

VendorProductVersionCPE
mozillabugzilla2.16cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
mozillabugzilla2.16cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
mozillabugzilla2.16.1cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*
mozillabugzilla2.16.2cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*
mozillabugzilla2.16.3cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*
mozillabugzilla2.16.4cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*
mozillabugzilla2.16.5cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*
mozillabugzilla2.16.6cpe:2.3:a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*
mozillabugzilla2.16.7cpe:2.3:a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*
mozillabugzilla2.16.8cpe:2.3:a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	bugzilla	2.16	cpe:2.3:a:mozilla:bugzilla:2.16:::::::*
mozilla	bugzilla	2.16	cpe:2.3:a:mozilla:bugzilla:2.16:rc1::::::
mozilla	bugzilla	2.16.1	cpe:2.3:a:mozilla:bugzilla:2.16.1:::::::*
mozilla	bugzilla	2.16.2	cpe:2.3:a:mozilla:bugzilla:2.16.2:::::::*
mozilla	bugzilla	2.16.3	cpe:2.3:a:mozilla:bugzilla:2.16.3:::::::*
mozilla	bugzilla	2.16.4	cpe:2.3:a:mozilla:bugzilla:2.16.4:::::::*
mozilla	bugzilla	2.16.5	cpe:2.3:a:mozilla:bugzilla:2.16.5:::::::*
mozilla	bugzilla	2.16.6	cpe:2.3:a:mozilla:bugzilla:2.16.6:::::::*
mozilla	bugzilla	2.16.7	cpe:2.3:a:mozilla:bugzilla:2.16.7:::::::*
mozilla	bugzilla	2.16.8	cpe:2.3:a:mozilla:bugzilla:2.16.8:::::::*