Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability
Medium Nessus Network Monitor Plugin ID 5095
Synopsis: The remote host is affected by a security bypass vulnerability.
Description: The remote web server is running a version of Bugzilla earlier than 3.2.4/3.4 RC1. Such versions reportedly allow authenticated users who do not belong to the 'canconfirm' group to modify the status of bugs. An attacker could exploit this to change the status of bug reports.
Solution: Upgrade to Bugzilla 3.2.4/3.4 RC1.