Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Bugzilla quips.cgi Unspecified Crafted Variable Security Bypass

Medium

Synopsis

The security controls on the remote host can be bypassed.

Description

The remote host is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla on the remote host suffers from a flaw where an authenticated user can bypass security controls and modify quips.

Solution

Upgrade to version 2.20.7, 2.22.6, 3.0.6 or higher.