CVE-2008-2104
Bugzilla 3.1.3 - Authenticated Privilege Escalation via XML-RPC Interface
Title source: llmDescription
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29038
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019968
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=415471
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30064
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42218
Issue Tracking x_refsource_confirm
http://www.bugzilla.org/security/2.20.5/
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1428/references
Scores
EPSS
0.0093
EPSS Percentile
56.6%
Details
CWE
CWE-264
Status
published
Products (1)
mozilla/bugzilla
3.1.3
Published
May 07, 2008
Tracked Since
Feb 18, 2026