Bugzilla < 2.16.6 / 2.18rc1 Multiple Vulnerabilities (XSS, SQLi, Priv Esc, more)

medium Nessus Plugin ID 13635

Synopsis

The remote web server contains a CGI application that suffers from multiple flaws.

Description

The remote Bugzilla bug tracking system, according to its version number, is vulnerable to the following flaws:

- An administrator may be able to execute arbitrary SQL commands on the remote host.

- There are instances of information leaks that may let an attacker know the database password (under certain circumstances, 2.17.x only) or obtain the names of otherwise hidden products.

- A user with grant-membership privileges may escalate their privileges and join another group.

- There is a cross-site scripting issue in the administrative web interface.

- Users' passwords may be embedded in URLs (2.17.x only).

- Several information leaks exist that may allow users to determine the names of other users, and non-users to obtain a list of products, including those that administrators might want to keep confidential.

Solution

Upgrade to 2.16.6 or 2.20 or later.

See Also

https://www.bugzilla.org/security/

Plugin Details

Severity: Medium

ID: 13635

File Name: bugzilla_multiple_vulns.nasl

Version: 1.31

Type: remote

Family: CGI abuses

Published: 7/13/2004

Updated: 4/7/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Required KB Items: installed_sw/Bugzilla, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/22/2004

Reference Information

CVE: CVE-2004-0702, CVE-2004-0703, CVE-2004-0704, CVE-2004-0705, CVE-2004-0706, CVE-2004-0707

BID: 10698

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990