Lucene search

RedhatCVE-2008-6098

HistoryFeb 09, 2009 - 6:30 p.m.

CVE-2008-6098

2009-02-0918:30:00

CWE-264

redhat

web.nvd.nist.gov

bugzilla

cve-2008-6098

remote authentication

moderation bypass

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

73.5%

JSON

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to “approve.”

Affected configurations

Nvd

Node

mozillabugzillaMatch2.17.4

mozillabugzillaMatch2.17.5

mozillabugzillaMatch2.17.6

mozillabugzillaMatch2.17.7

mozillabugzillaMatch2.18

mozillabugzillaMatch2.18rc1

mozillabugzillaMatch2.18rc2

mozillabugzillaMatch2.18rc3

mozillabugzillaMatch2.18.1

mozillabugzillaMatch2.18.2

mozillabugzillaMatch2.18.3

mozillabugzillaMatch2.18.4

mozillabugzillaMatch2.18.5

mozillabugzillaMatch2.18.6

mozillabugzillaMatch2.18.7

mozillabugzillaMatch2.18.8

mozillabugzillaMatch2.18.9

mozillabugzillaMatch2.19

mozillabugzillaMatch2.19.1

mozillabugzillaMatch2.19.2

mozillabugzillaMatch2.19.3

mozillabugzillaMatch2.20

mozillabugzillaMatch2.20rc1

mozillabugzillaMatch2.20rc2

mozillabugzillaMatch2.20.1

mozillabugzillaMatch2.20.2

mozillabugzillaMatch2.20.3

mozillabugzillaMatch2.20.4

mozillabugzillaMatch2.20.5

mozillabugzillaMatch2.20.6

mozillabugzillaMatch2.21

mozillabugzillaMatch2.21.1

mozillabugzillaMatch2.21.2

mozillabugzillaMatch2.22

mozillabugzillaMatch2.22rc1

mozillabugzillaMatch2.22.1

mozillabugzillaMatch2.22.2

mozillabugzillaMatch2.22.3

mozillabugzillaMatch2.22.4

mozillabugzillaMatch2.22.5

mozillabugzillaMatch2.22.6

mozillabugzillaMatch2.23

mozillabugzillaMatch2.23.1

mozillabugzillaMatch2.23.2

mozillabugzillaMatch2.23.3

mozillabugzillaMatch2.23.4

mozillabugzillaMatch3.0.0

mozillabugzillaMatch3.0.1

mozillabugzillaMatch3.0.2

mozillabugzillaMatch3.0.3

mozillabugzillaMatch3.0.4

mozillabugzillaMatch3.0.5

mozillabugzillaMatch3.0.6

mozillabugzillaMatch3.0.7

mozillabugzillaMatch3.0_rc1

mozillabugzillaMatch3.1.0

mozillabugzillaMatch3.1.1

mozillabugzillaMatch3.1.2

mozillabugzillaMatch3.1.3

mozillabugzillaMatch3.1.4

mozillabugzillaMatch3.2

mozillabugzillaMatch3.2.1

mozillabugzillaMatch3.3.1

mozillabugzillaMatch3.3.2

VendorProductVersionCPE
mozillabugzilla2.17.4cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*
mozillabugzilla2.17.5cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*
mozillabugzilla2.17.6cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*
mozillabugzilla2.17.7cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*
mozillabugzilla2.18cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*
mozillabugzilla2.18cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*
mozillabugzilla2.18cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*
mozillabugzilla2.18cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*
mozillabugzilla2.18.1cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*
mozillabugzilla2.18.2cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	bugzilla	2.17.4	cpe:2.3:a:mozilla:bugzilla:2.17.4:::::::*
mozilla	bugzilla	2.17.5	cpe:2.3:a:mozilla:bugzilla:2.17.5:::::::*
mozilla	bugzilla	2.17.6	cpe:2.3:a:mozilla:bugzilla:2.17.6:::::::*
mozilla	bugzilla	2.17.7	cpe:2.3:a:mozilla:bugzilla:2.17.7:::::::*
mozilla	bugzilla	2.18	cpe:2.3:a:mozilla:bugzilla:2.18:::::::*
mozilla	bugzilla	2.18	cpe:2.3:a:mozilla:bugzilla:2.18:rc1::::::
mozilla	bugzilla	2.18	cpe:2.3:a:mozilla:bugzilla:2.18:rc2::::::
mozilla	bugzilla	2.18	cpe:2.3:a:mozilla:bugzilla:2.18:rc3::::::
mozilla	bugzilla	2.18.1	cpe:2.3:a:mozilla:bugzilla:2.18.1:::::::*
mozilla	bugzilla	2.18.2	cpe:2.3:a:mozilla:bugzilla:2.18.2:::::::*