Security Advisory for Bugzilla 3.0.1 and 3.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers a critical security issue that has recently been fixed in the Bugzilla code: Even with account creation disabled, users can...

CVE-2007-4539

The WebService XML-RPC interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the 1 Deadline and 2 Estimated Time fields...