CVE request: Bugzilla (Unauthorized Bug Change, XSS, Account Impersonation)
From: Christian Hoffmann <hoffie () gentoo org>
Date: Wed, 07 May 2008 20:42:47 +0200
can we please get CVE ids assigned for the three issues mentioned in the
release announcement of the new bugzilla versions?

* Users without the "canconfirm" privilege could enter a bug as
  NEW or ASSIGNED by using the XML-RPC interface.
* When viewing several bugs at once, there was a Cross-Site
* The inbound email interface allowed you to set the Reporter via
  the text of the email, instead of just using the From header.