| VID |
22647 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Bugzilla bug-tracking system, according to its version number, has multiple vulnerabilities. Bugzilla is a Web-based bug-tracking system, based on Perl and MySQL. Bugzilla versions 4.5 through 4.5.6 are vulnerable to multiple vulnerabilities as follows:
- If a new comment is marked as private to the insider group, and a flag is set in the same transaction, the comment will be visible to flag recipients even if they are not in the insider group. (CVE-2014-1571)
- A remote attacker can override certain parameters when creating a new Bugzilla account. This can lead to the account being created with a different email address than originally requested, allowing a user to be added to certain groups based on the group's regular expression setting. This may allow an attacker to escalate a given user accounts privileges. (CVE-2014-1572)
- A flaw existed in how CGI arguments were handled that could allow cross-site scripting exploits which an attacker could use to access sensitive information. (CVE-2014-1573)
* Note: This check solely relied on the version number of Bugzilla installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.bugzilla.org/security/4.0.14/
http://www.securityfocus.com/archive/1/533628/30/0/threaded
* Platforms Affected:
Mozilla, Bugzilla from 4.5 to 4.5.6
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Bugzilla (4.5.6 or later), available from the Bugzilla Download Web site at http://www.bugzilla.org/download/ |
| Related URL |
CVE-2014-1571,CVE-2014-1572,CVE-2014-1573 (CVE) |
| Related URL |
70256,70257,70258 (SecurityFocus) |
| Related URL |
(ISS) |
|
