CVE-2008-6098

critical

Description

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

References

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/46424

https://bugzilla.mozilla.org/show_bug.cgi?id=449931

http://www.securityfocus.com/bid/32178

http://www.bugzilla.org/security/2.20.6/

http://secunia.com/advisories/34361

http://secunia.com/advisories/32501

Details

Source: Mitre, NVD

Published: 2009-02-09

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00382