CVE-2008-6098

Bugzilla 2.17.4-3.2 RC1 - Authenticated Moderation Bypass via quips.cgi Action Parameter

Title source: llm
STIX 2.1

Description

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

References (8)

Core 8
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=449931
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46424
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32178
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32501
Issue Tracking x_refsource_confirm
http://www.bugzilla.org/security/2.20.6/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34361

Scores

EPSS 0.0115
EPSS Percentile 63.2%

Details

CWE
CWE-264
Status published
Products (44)
mozilla/bugzilla 2.17.4
mozilla/bugzilla 2.17.5
mozilla/bugzilla 2.17.6
mozilla/bugzilla 2.17.7
mozilla/bugzilla 2.18 (4 CPE variants)
mozilla/bugzilla 2.18.1
mozilla/bugzilla 2.18.2
mozilla/bugzilla 2.18.3
mozilla/bugzilla 2.18.4
mozilla/bugzilla 2.18.5
... and 34 more
Published Feb 09, 2009
Tracked Since Feb 18, 2026