VuXML ID | Description |
1c8a039b-7b23-11e2-b17b-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
Cross-Site Scripting
When viewing a single bug report, which is the default,
the bug ID is validated and rejected if it is invalid.
But when viewing several bug reports at once, which is
specified by the format=multiple parameter, invalid bug
IDs can go through and are sanitized in the HTML page
itself. But when an invalid page format is passed to the
CGI script, the wrong HTML page is called and data are not
correctly sanitized, which can lead to XSS.
Information Leak
When running a query in debug mode, the generated SQL
query used to collect the data is displayed. The way this
SQL query is built permits the user to determine if some
confidential field value (such as a product name) exists.
This problem only affects Bugzilla 4.0.9 and older. Newer
releases are not affected by this issue.
Discovery: 2013-02-19. Entry: 2013-02-20. Modified: 2013-03-31.
Affected packages: bugzilla, de-bugzilla, ru-bugzilla, ja-bugzilla
Affected versions: >= 3.6.0 and < 3.6.13; >= 4.0.0 and < 4.0.10; >= 4.2.0 and < 4.2.5
References:
CVE-2013-0785
https://bugzilla.mozilla.org/show_bug.cgi?id=842038
CVE-2013-0786
https://bugzilla.mozilla.org/show_bug.cgi?id=824399
|
2b841f88-2e8d-11e2-ad21-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
Information Leak
If the visibility of a custom field is controlled by a product
or a component of a product you cannot see, their names are
disclosed in the JavaScript code generated for this custom field
even though they should remain confidential.
Calling the User.get method with a 'groups' argument leaks the
existence of the groups depending on whether an error is thrown
or not. This method now also throws an error if the user calling
this method does not belong to these groups (independently of
whether the groups exist or not).
Trying to mark an attachment in a bug you cannot see as obsolete
discloses its description in the error message. The description
of the attachment is now removed from the error message.
Cross-Site Scripting
Due to incorrectly filtered field values in tabular reports,
it is possible to inject code leading to XSS.
A vulnerability in swfstore.swf from YUI2 allows JavaScript
injection exploits to be created against domains that host this
affected YUI .swf file.
Discovery: 2012-11-13. Entry: 2012-11-14. Modified: 2012-11-27.
Affected packages: bugzilla
Affected versions: >= 3.6.0 and < 3.6.12; >= 4.0.0 and < 4.0.9; >= 4.2.0 and < 4.2.4
References:
CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-5881
CVE-2012-5882
CVE-2012-5883
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
|
6ad18fe5-f469-11e1-920d-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
LDAP Injection
When the user logs in using LDAP, the username is not
escaped when building the uid=$username filter which is
used to query the LDAP directory. This could potentially
lead to LDAP injection.
Directory Browsing
Extensions are not protected against directory browsing
and users can access the source code of the templates
which may contain sensitive data.
Directory browsing is blocked in Bugzilla 4.3.3 only,
because it requires a configuration change in the Apache
httpd.conf file to allow local .htaccess files to use
Options -Indexes. To not break existing installations,
this fix has not been backported to stable branches.
The access to templates is blocked for all supported
branches except the old 3.6 branch, because this branch
doesn't have .htaccess in the bzr repository and cannot
be fixed easily for existing installations without
potentially conflicting with custom changes.
Discovery: 2012-08-30. Entry: 2012-09-01.
Affected packages: bugzilla
Affected versions: >= 3.6.0 and < 3.6.11; >= 4.0.0 and < 4.0.8; >= 4.2.0 and < 4.2.3
References:
CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
|
e135f0c9-375f-11e3-80b7-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
Cross-Site Request Forgery
When a user submits changes to a bug right after another
user did, a midair collision page is displayed to inform
the user about changes recently made. This page contains
a token which can be used to validate the changes if the
user decides to submit his changes anyway. A regression
in Bugzilla 4.4 caused this token to be recreated if a
crafted URL was given, even when no midair collision page
was going to be displayed, allowing an attacker to bypass
the token check and abuse a user to commit changes on his
behalf.
Cross-Site Request Forgery
When an attachment is edited, a token is generated to
validate changes made by the user. Using a crafted URL,
an attacker could force the token to be recreated,
allowing him to bypass the token check and abuse a user
to commit changes on his behalf.
Cross-Site Scripting
Some parameters passed to editflagtypes.cgi were not
correctly filtered in the HTML page, which could lead
to XSS.
Cross-Site Scripting
Due to an incomplete fix for CVE-2012-4189, some
incorrectly filtered field values in tabular reports
could lead to XSS.
Discovery: 2013-10-16. Entry: 2013-10-17. Modified: 2014-04-30.
Affected packages and versions:
bugzilla: >= 4.0.0 and < 4.0.11
bugzilla40: >= 4.0.0 and < 4.0.11
bugzilla42: >= 4.2.0 and < 4.2.7
bugzilla44: >= 4.4 and < 4.4.1
References:
CVE-2013-1733
https://bugzilla.mozilla.org/show_bug.cgi?id=911593
CVE-2013-1734
https://bugzilla.mozilla.org/show_bug.cgi?id=913904
CVE-2013-1742
https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1743
https://bugzilla.mozilla.org/show_bug.cgi?id=924932
|
58253655-d82c-11e1-907c-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
Information Leak
Versions: 4.1.1 to 4.2.1, 4.3.1
In HTML bugmails, all bug IDs and attachment IDs are
linkified, and hovering these links displays a tooltip
with the bug summary or the attachment description if
the user is allowed to see the bug or attachment.
But when validating user permissions when generating the
email, the permissions of the user who edited the bug were
taken into account instead of the permissions of the
addressee. This means that confidential information could
be disclosed to the addressee if the other user has more
privileges than the addressee.
Plain text bugmails are not affected as bug and attachment
IDs are not linkified.
Information Leak
Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to
4.2.1, 4.3.1
The description of a private attachment could be visible
to a user who does not have permission to access this attachment
if the attachment ID is mentioned in a public comment in
a bug that the user can see.
Discovery: 2012-07-26. Entry: 2012-07-27.
Affected packages: bugzilla
Affected versions: >= 3.6.0 and < 3.6.10; >= 4.0.0 and < 4.0.7; >= 4.2.0 and < 4.2.2
References:
CVE-2012-1968
CVE-2012-1969
https://bugzilla.mozilla.org/show_bug.cgi?id=777398
https://bugzilla.mozilla.org/show_bug.cgi?id=777586
|