Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability

Medium

Synopsis

The remote host is affected by a security bypass vulnerability.

Description

The remote web server is running a version of Bugzilla earlier than 3.2.4/3.4 RC1. Such versions reportedly allow authenticated users who do not belong to the 'canconfirm' group to modify the status of bugs. An attacker could exploit this to change the status of bug reports.

Solution

Upgrade to Bugzilla 3.2.4/3.4 RC1