Design/Logic Flaw

2008-05-0720:20:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

CPENameOperatorVersion
bugzillaeq3.1.3

CPE	Name	Operator	Version
	bugzilla	eq	3.1.3

References

secunia.com/advisories/30064

www.bugzilla.org/security/2.20.5/

www.securityfocus.com/bid/29038

www.securitytracker.com/id?1019968

www.vupen.com/english/advisories/2008/1428/references

bugzilla.mozilla.org/show_bug.cgi?id=415471

exchange.xforce.ibmcloud.com/vulnerabilities/42218