Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability

Medium Nessus Network Monitor Plugin ID 5095

Synopsis

The remote host is affected by a security bypass vulnerability.

Description

The remote web server is running a version of Bugzilla earlier than 3.2.4/3.4 RC1. Such versions reportedly allow authenticated users who do not belong to the 'canconfirm' group to modify the status of bugs. An attacker could exploit this to change the status of bug reports.

Solution

Upgrade to Bugzilla 3.2.4/3.4 RC1.

See Also

http://www.bugzilla.org/security/3.2.3

Plugin Details

Severity: Medium

ID: 5095

Family: CGI

Published: 2004/08/18

Modified: 2016/02/05

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

BID: 35604