Back to search
CVE-2008-2104
Published: May 7, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29038
vdb-entry
x_refsource_BID
1019968
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=415471
x_refsource_CONFIRM
30064
third-party-advisory
x_refsource_SECUNIA
bugzilla-xmlrpc-security-bypass(42218)
vdb-entry
x_refsource_XF
http://www.bugzilla.org/security/2.20.5/
x_refsource_CONFIRM
ADV-2008-1428
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now