Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities

medium Nessus Plugin ID 78069

Synopsis

The remote web server contains a web application affected by multiple vulnerabilities.

Description

According to its banner, the version of Bugzilla installed on the remote host contains multiple flaws. It is, therefore, affected by the following vulnerabilities :

- If a new comment is marked as private to the insider group, and a flag is set in the same transaction, the comment will be visible to flag recipients even if they are not in the insider group. (CVE-2014-1571)

- A remote attacker can override certain parameters when creating a new Bugzilla account. This can lead to the account being created with a different email address than originally requested, allowing a user to be added to certain groups based on the group's regular expression setting. This may allow an attacker to escalate a given user accounts privileges.
(CVE-2014-1572)

- A flaw existed in how CGI arguments were handled that could allow cross-site scripting exploits which an attacker could use to access sensitive information.
(CVE-2014-1573)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Bugzilla 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 or later.

See Also

https://blog.checkpoint.com/2014/10/06/bug-in-the-bug-tracker/

https://www.bugzilla.org/security/4.0.14/

https://www.securityfocus.com/archive/1/533628/30/0/threaded

Plugin Details

Severity: Medium

ID: 78069

File Name: bugzilla_4_4_6.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 10/6/2014

Updated: 6/4/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2014-1572

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Required KB Items: installed_sw/Bugzilla, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 10/6/2014

Vulnerability Publication Date: 10/6/2014

Reference Information

CVE: CVE-2014-1571, CVE-2014-1572, CVE-2014-1573

BID: 70256, 70257, 70258

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990