VuXML ID | Description |
97c3a452-6e36-11d9-8324-000a95bc6fae | bugzilla -- cross-site scripting vulnerability
A Bugzilla advisory states:
This advisory covers a single cross-site scripting issue
that has recently been discovered and fixed in the
Bugzilla code: If a malicious user links to a Bugzilla
site using a specially crafted URL, a script in the error
page generated by Bugzilla will display the URL unaltered
in the page, allowing scripts embedded in the URL to
execute.
Discovery: 2004-12-01 | Entry: 2005-01-24
Affects: bugzilla, ja-bugzilla: < 2.16.8; >= 2.17.* and < 2.18
References:
CVE-2004-1061
http://www.bugzilla.org/security/2.16.7-nr/
https://bugzilla.mozilla.org/show_bug.cgi?id=272620
|
0c7a3ee2-3654-11e1-b404-20cf30e32f6d | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in Bugzilla:
- Tabular and graphical reports, as well as new charts have
a debug mode which displays raw data as plain text. This
text is not correctly escaped and a crafted URL could use
this vulnerability to inject code leading to XSS.
- The User.offer_account_by_email WebService method ignores
the user_can_create_account setting of the authentication
method and generates an email with a token in it which the
user can use to create an account. Depending on the
authentication method being active, this could allow the
user to log in using this account.
Installations where the createemailregexp parameter is
empty are not vulnerable to this issue.
- The creation of bug reports and of attachments is not
protected by a token and so they can be created without the
consent of a user if the relevant code is embedded in an
HTML page and the user visits this page. This behavior was
intentional to let third-party applications submit new bug
reports and attachments easily. But as this behavior can be
abused by a malicious user, it has been decided to block
submissions with no valid token starting from version 4.2rc1.
Older branches are not patched to not break these third-party
applications after the upgrade.
All affected installations are encouraged to upgrade as soon
as possible.
Discovery: 2011-11-28 | Entry: 2012-01-05
Affects: bugzilla: >= 2.4.* and < 3.6.7; >= 4.0.* and < 4.0.3
References:
CVE-2011-3657
CVE-2011-3667
CVE-2011-3668
CVE-2011-3669
https://bugzilla.mozilla.org/show_bug.cgi?id=697699
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
https://bugzilla.mozilla.org/show_bug.cgi?id=703975
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
|
dc8741b9-c5d5-11e0-8a8e-00151735203a | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in Bugzilla:
- Internet Explorer 8 and older, and Safari before 5.0.6 do
content sniffing when viewing a patch in "Raw Unified" mode,
which could trigger a cross-site scripting attack due to
the execution of malicious code in the attachment.
- It is possible to determine whether or not certain group
names exist while creating or updating bugs.
- Attachment descriptions with a newline in them could lead
to the injection of crafted headers in email notifications sent
to the requestee or the requester when editing an attachment
flag.
- If an attacker has access to a user's session, he can modify
that user's email address without that user being notified
of the change.
- Temporary files for uploaded attachments are not deleted
on Windows, which could let a user with local access to
the server read them.
- Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised,
it can be used to inject HTML code when viewing a bug report,
leading to a cross-site scripting attack.
All affected installations are encouraged to upgrade as soon as
possible.
Discovery: 2011-08-04 | Entry: 2011-08-13
Affects: bugzilla: >= 2.4.* and < 3.6.6; >= 4.0.* and < 4.0.2
References:
CVE-2011-2379
CVE-2011-2380
CVE-2011-2979
CVE-2011-2381
CVE-2011-2978
CVE-2011-2977
CVE-2011-2976
https://bugzilla.mozilla.org/show_bug.cgi?id=637981
https://bugzilla.mozilla.org/show_bug.cgi?id=653477
https://bugzilla.mozilla.org/show_bug.cgi?id=674497
https://bugzilla.mozilla.org/show_bug.cgi?id=657158
https://bugzilla.mozilla.org/show_bug.cgi?id=670868
https://bugzilla.mozilla.org/show_bug.cgi?id=660502
https://bugzilla.mozilla.org/show_bug.cgi?id=660053
|
c8c927e5-2891-11e0-8f26-00151735203a | bugzilla -- multiple serious vulnerabilities
A Bugzilla Security Advisory reports:
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
- A weakness in Bugzilla could allow a user to gain unauthorized
access to another Bugzilla account.
- A weakness in the Perl CGI.pm module allows injecting HTTP
headers and content to users via several pages in Bugzilla.
- If you put a harmful "javascript:" or "data:" URL into
Bugzilla's "URL" field, then there are multiple situations in
which Bugzilla will unintentionally make that link clickable.
- Various pages lack protection against cross-site request
forgeries.
All affected installations are encouraged to upgrade as soon as
possible.
Discovery: 2011-01-24 | Entry: 2011-01-25
Affects: bugzilla: >= 2.14.* and < 3.6.4
References:
25425
CVE-2010-4568
CVE-2010-2761
CVE-2010-4411
CVE-2010-4572
CVE-2010-4567
CVE-2010-0048
CVE-2011-0046
https://bugzilla.mozilla.org/show_bug.cgi?id=621591
https://bugzilla.mozilla.org/show_bug.cgi?id=619594
https://bugzilla.mozilla.org/show_bug.cgi?id=591165
https://bugzilla.mozilla.org/show_bug.cgi?id=621572
https://bugzilla.mozilla.org/show_bug.cgi?id=619588
https://bugzilla.mozilla.org/show_bug.cgi?id=628034
https://bugzilla.mozilla.org/show_bug.cgi?id=621090
https://bugzilla.mozilla.org/show_bug.cgi?id=621105
https://bugzilla.mozilla.org/show_bug.cgi?id=621107
https://bugzilla.mozilla.org/show_bug.cgi?id=621108
https://bugzilla.mozilla.org/show_bug.cgi?id=621109
https://bugzilla.mozilla.org/show_bug.cgi?id=621110
|
309542b5-50b9-11e1-b0d8-00151735203a | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
The following security issues have been discovered in
Bugzilla:
- Account Impersonation:
When a user creates a new account, Bugzilla doesn't correctly
reject email addresses containing non-ASCII characters, which
could be used to impersonate another user account. Such email
addresses could look visually identical to other valid email
addresses, and an attacker could try to confuse other users
and be added to bugs he shouldn't have access to.
- Cross-Site Request Forgery:
Due to a lack of validation of the Content-Type header when
making POST requests to jsonrpc.cgi, a possible CSRF
vulnerability was discovered. If a user visits an HTML page
with some malicious JS code in it, an attacker could make
changes to a remote Bugzilla installation on behalf of the
victim's account by using the JSON-RPC API. The user would
have had to be already logged in to the target site for the
vulnerability to work.
All affected installations are encouraged to upgrade as soon as
possible.
Discovery: 2012-01-31 | Entry: 2012-02-06
Affects: bugzilla: >= 2.4.* and < 3.6.8; >= 4.0.* and < 4.0.4
References:
CVE-2012-0448
CVE-2012-0440
https://bugzilla.mozilla.org/show_bug.cgi?id=714472
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
|
6d68618a-7199-11db-a2ad-000c6ec775d9 | bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports:
- Sometimes the information put into the
and
tags in Bugzilla was not properly escaped,
leading to a possible XSS vulnerability.
- Bugzilla administrators were allowed to put raw,
unfiltered HTML into many fields in Bugzilla, leading to
a possible XSS vulnerability. Now, the HTML allowed in
those fields is limited.
- attachment.cgi could leak the names of private
attachments
- The "deadline" field was visible in the XML format of
a bug, even to users who were not a member of the
"timetrackinggroup."
- A malicious user could pass a URL to an admin, and
make the admin delete or change something that he had
not intended to delete or change.
- It is possible to inject arbitrary HTML into the
showdependencygraph.cgi page, allowing for a cross-site
scripting attack.
Discovery: 2006-10-15 | Entry: 2006-11-11
Affects: bugzilla, ja-bugzilla: > 2.* and < 2.22.1
References:
CVE-2006-5453
CVE-2006-5454
CVE-2006-5455
http://www.bugzilla.org/security/2.18.5/
|