
Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities

High

Synopsis

The remote host is running a version of Bugzilla that is affected by multiple vulnerabilities.

Description

The remote host is running Bugzilla, bug-tracking software with a web interface. The version of Bugzilla on the remote host is susceptible to the following vulnerabilities:

- A security bypass vulnerability exists because Bugzilla fails to verify the email address during account creation. Specifically, the issue occurs because login names are automatically added to groups based on the domain. This issue affects the 'realname' parameter. (CVE-2014-1572)

- Multiple cross-site scripting vulnerabilities exist because Bugzilla fails to sufficiently sanitize user-supplied input submitted to CGI arguments. (CVE-2014-1573)

- An information disclosure vulnerability exists because a flag mail recipient who is not in an insider group can view private comments. (CVE-2014-1571)

Solution

Upgrade to Bugzilla 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 or later.