CVE-2011-3667

2012-01-0200:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.9%

JSON

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x
before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3,
and 4.1.x through 4.1.3, when createemailregexp is not empty, does not
properly handle user_can_create_account settings, which allows remote
attackers to create user accounts by leveraging a token contained in an
e-mail message.