Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability

Medium severity, Nessus Network Monitor Plugin ID 5095

Synopsis

The remote host is affected by a security bypass vulnerability.

Description

The remote web server is running a version of Bugzilla earlier than 3.2.4/3.4 RC1. Such versions reportedly allow authenticated users who do not belong to the 'canconfirm' group to modify the status of bugs. An attacker could exploit this to change the status of bug reports.

Solution

Upgrade to Bugzilla 3.2.4/3.4 RC1.

See Also

http://www.bugzilla.org/security/3.2.3

Plugin Details

Severity: Medium

ID: 5095

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Reference Information

BID: 35604