Bugzilla < 3.2.4/3.4 RC1 Security-Bypass Vulnerability

medium Nessus Network Monitor Plugin ID 5095

Synopsis

The remote host is affected by a security bypass vulnerability.

Description

The remote web server is running a version of Bugzilla earlier than 3.2.4/3.4 RC1. Such versions reportedly allow authenticated users who do not belong to the 'canconfirm' group to modify the status of bugs. An attacker could exploit this to change the status of bug reports.

Solution

Upgrade to Bugzilla 3.2.4/3.4 RC1

See Also

http://www.bugzilla.org/security/3.2.3

Plugin Details

Severity: Medium

ID: 5095

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Reference Information

BID: 35604