CVE-2008-6098
Bugzilla 2.17.4-3.2 RC1 - Authenticated Moderation Bypass via quips.cgi Action Parameter
Title source: llmDescription
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
References (8)
Core 8
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=449931
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46424
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32178
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32501
Issue Tracking x_refsource_confirm
http://www.bugzilla.org/security/2.20.6/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34361
Scores
EPSS
0.0115
EPSS Percentile
63.2%
Details
CWE
CWE-264
Status
published
Products (44)
mozilla/bugzilla
2.17.4
mozilla/bugzilla
2.17.5
mozilla/bugzilla
2.17.6
mozilla/bugzilla
2.17.7
mozilla/bugzilla
2.18 (4 CPE variants)
mozilla/bugzilla
2.18.1
mozilla/bugzilla
2.18.2
mozilla/bugzilla
2.18.3
mozilla/bugzilla
2.18.4
mozilla/bugzilla
2.18.5
... and 34 more
Published
Feb 09, 2009
Tracked Since
Feb 18, 2026