Bugzilla quips.cgi Unspecified Crafted Variable Security Bypass
Medium Nessus Network Monitor Plugin ID 4742
SynopsisThe security controls on the remote host can be bypassed.
DescriptionThe remote host is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla on the remote host suffers from a flaw where an authenticated user can bypass security controls and modify quips.
SolutionUpgrade to version 2.20.7, 2.22.6, 3.0.6 or higher.