Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities

High Nessus Plugin ID 78069

Synopsis

The remote web server contains a web application affected by multiple vulnerabilities.

Description

According to its banner, the version of Bugzilla installed on the remote host contains multiple flaws. It is, therefore, affected by the following vulnerabilities :

- If a new comment is marked as private to the insider group, and a flag is set in the same transaction, the comment will be visible to flag recipients even if they are not in the insider group. (CVE-2014-1571)

- A remote attacker can override certain parameters when creating a new Bugzilla account. This can lead to the account being created with a different email address than originally requested, allowing a user to be added to certain groups based on the group's regular expression setting. This may allow an attacker to escalate a given user accounts privileges.
(CVE-2014-1572)

- A flaw existed in how CGI arguments were handled that could allow cross-site scripting exploits which an attacker could use to access sensitive information.
(CVE-2014-1573)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Bugzilla 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 or later.

See Also

https://blog.checkpoint.com/2014/10/06/bug-in-the-bug-tracker/

https://www.bugzilla.org/security/4.0.14/

https://www.securityfocus.com/archive/1/533628/30/0/threaded

Plugin Details

Severity: High

ID: 78069

File Name: bugzilla_4_4_6.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2014/10/06

Updated: 2018/11/15

Dependencies: 11462

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Required KB Items: installed_sw/Bugzilla, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/10/06

Vulnerability Publication Date: 2014/10/06

Reference Information

CVE: CVE-2014-1571, CVE-2014-1572, CVE-2014-1573

BID: 70256, 70257, 70258

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990