oss-sec mailing list archives
CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation)
From: Christian Hoffmann <hoffie () gentoo org>
Date: Wed, 07 May 2008 20:42:47 +0200
Hi,

can we please get CVE ids assigned for the three issues mentioned in the release announcement [1] of the new bugzilla versions?

"""
* Users without the "canconfirm" privilege could enter a bug as NEW or ASSIGNED by using the XML-RPC interface.
* When viewing several bugs at once, there was a Cross-Site Scripting hole.
* The inbound email interface allowed you to set the Reporter via the text of the email, instead of just using the From header.
"""

[1] http://www.bugzilla.org/security/2.20.5/

Thanks,
--
Christian Hoffmann