CVE-2008-2104

Bugzilla 3.1.3 - Authenticated Privilege Escalation via XML-RPC Interface

Title source: llm
STIX 2.1

Description

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29038
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019968
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=415471
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30064
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42218
Issue Tracking x_refsource_confirm
http://www.bugzilla.org/security/2.20.5/
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1428/references

Scores

EPSS 0.0093
EPSS Percentile 56.6%

Details

CWE
CWE-264
Status published
Products (1)
mozilla/bugzilla 3.1.3
Published May 07, 2008
Tracked Since Feb 18, 2026