Re: Re: CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation)

[Hanno Böck <hanno () hboeck de>]

Am Mittwoch 07 Mai 2008 schrieb Steven M. Christey:
> ======================================================
> Name: CVE-2008-2104
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2104
> Reference: CONFIRM:http://www.bugzilla.org/security/2.20.5/
> Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=415471
> Reference: BID:29038
> Reference: URL:http://www.securityfocus.com/bid/29038
> Reference: FRSIRT:ADV-2008-1428
> Reference:
> URL:http://www.frsirt.com/english/advisories/2008/1428/references
> Reference: SECTRACK:1019968
> Reference: URL:http://www.securitytracker.com/id?1019968
> Reference: SECUNIA:30064
> Reference: URL:http://secunia.com/advisories/30064
> Reference: XF:bugzilla-xmlrpc-security-bypass(42218)
> Reference: URL:http://xforce.iss.net/xforce/xfdb/42218
>
> The WebService in Bugzilla before 3.1.3 allows remote authenticated
> users without canconfirm privileges to create NEW or ASSIGNED bug
> entries via a request to the XML-RPC interface, which bypasses the
> canconfirm check.

I think this should be "3.1.3 and before" ?
As 3.1.3 is also affected according to the upstream advisory.

-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

Attachment: signature.asc
Description: This is a digitally signed message part.