Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8606
Synopsis
The remote host is running a version of Bugzilla that is affected by multiple vulnerabilities.

Description
The remote host is running Bugzilla, a bug-tracking application with a web interface. The version of Bugzilla on the remote host is susceptible to the following vulnerabilities:

- A security-bypass vulnerability because it fails to verify the email address during account creation. Specifically, this issue occurs because login names are automatically added to groups based on their domain. This issue affects the 'realname' parameter. (CVE-2014-1572)

- Multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input submitted in CGI arguments. (CVE-2014-1573)

- An information disclosure vulnerability because a flag mail recipient who is not in an insider group can view private comments. (CVE-2014-1571)

Solution
Upgrade to Bugzilla 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 or later.