
Bugzilla < 2.18.2 / 2.20rc1 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to a flaw in the way that it discloses private information.

Description

The remote host is running Bugzilla, a bug-tracking application with a web interface. The version of Bugzilla on the remote host suffers from two information disclosure vulnerabilities:

- Any user can change any flag on a bug, even if they don't otherwise have access to the bug or rights to make changes to it.

- A private bug summary may be visible to users if MySQL replication is used on the backend database.

Solution

Upgrade to Bugzilla 2.18.2 / 2.20rc1 or higher.