Back to search
CVE-2008-2105
Published: May 7, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1019969
vdb-entry
x_refsource_SECTRACK
29038
vdb-entry
x_refsource_BID
30167
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-3442
vendor-advisory
x_refsource_FEDORA
bugzilla-emailin-security-bypass(42235)
vdb-entry
x_refsource_XF
FEDORA-2008-3488
vendor-advisory
x_refsource_FEDORA
https://bugzilla.mozilla.org/show_bug.cgi?id=419188
x_refsource_CONFIRM
30064
third-party-advisory
x_refsource_SECUNIA
http://www.bugzilla.org/security/2.20.5/
x_refsource_CONFIRM
ADV-2008-1428
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now