Lucene search

MitreCVE-2010-2757

HistoryAug 16, 2010 - 3:14 p.m.

CVE-2010-2757

2010-08-1615:14:12

CWE-310

mitre

web.nvd.nist.gov

cve-2010-2757

bugzilla

sudo

impersonation

remote authentication

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

Affected configurations

Nvd

Node

mozillabugzillaMatch2.4

mozillabugzillaMatch2.6

mozillabugzillaMatch2.8

mozillabugzillaMatch2.9

mozillabugzillaMatch2.22

mozillabugzillaMatch2.22rc1

mozillabugzillaMatch2.22.1

mozillabugzillaMatch2.22.3

mozillabugzillaMatch2.22.4

mozillabugzillaMatch2.22.5

mozillabugzillaMatch2.22.6

mozillabugzillaMatch2.22.7

mozillabugzillaMatch2.23

mozillabugzillaMatch2.23.1

mozillabugzillaMatch2.23.2

mozillabugzillaMatch2.23.3

mozillabugzillaMatch2.23.4

mozillabugzillaMatch3.0

mozillabugzillaMatch3.0rc1

mozillabugzillaMatch3.0.0

mozillabugzillaMatch3.0.1

mozillabugzillaMatch3.0.2

mozillabugzillaMatch3.0.3

mozillabugzillaMatch3.0.4

mozillabugzillaMatch3.0.5

mozillabugzillaMatch3.0.6

mozillabugzillaMatch3.0.7

mozillabugzillaMatch3.0.8

mozillabugzillaMatch3.0.9

mozillabugzillaMatch3.0.10

mozillabugzillaMatch3.0.11

mozillabugzillaMatch3.1.0

mozillabugzillaMatch3.1.1

mozillabugzillaMatch3.1.2

mozillabugzillaMatch3.1.3

mozillabugzillaMatch3.2

mozillabugzillaMatch3.2.2

mozillabugzillaMatch3.2.3

mozillabugzillaMatch3.2.4

mozillabugzillaMatch3.2.5

mozillabugzillaMatch3.2.6

mozillabugzillaMatch3.2.7

mozillabugzillaMatch3.3.1

mozillabugzillaMatch3.3.2

mozillabugzillaMatch3.3.3

mozillabugzillaMatch3.3.4

mozillabugzillaMatch3.4.1

mozillabugzillaMatch3.4.2

mozillabugzillaMatch3.4.3

mozillabugzillaMatch3.4.4

mozillabugzillaMatch3.4.5

mozillabugzillaMatch3.4.6

mozillabugzillaMatch3.4.7

mozillabugzillaMatch3.5.1

mozillabugzillaMatch3.5.2

mozillabugzillaMatch3.5.3

mozillabugzillaMatch3.6

mozillabugzillaMatch3.6.1

mozillabugzillaMatch3.7

mozillabugzillaMatch3.7.1

mozillabugzillaMatch3.7.2

VendorProductVersionCPE
mozillabugzilla2.4cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*
mozillabugzilla2.6cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*
mozillabugzilla2.8cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*
mozillabugzilla2.9cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*
mozillabugzilla2.22cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*
mozillabugzilla2.22cpe:2.3:a:mozilla:bugzilla:2.22:rc1:*:*:*:*:*:*
mozillabugzilla2.22.1cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*
mozillabugzilla2.22.3cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*
mozillabugzilla2.22.4cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*
mozillabugzilla2.22.5cpe:2.3:a:mozilla:bugzilla:2.22.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	bugzilla	2.4	cpe:2.3:a:mozilla:bugzilla:2.4:::::::*
mozilla	bugzilla	2.6	cpe:2.3:a:mozilla:bugzilla:2.6:::::::*
mozilla	bugzilla	2.8	cpe:2.3:a:mozilla:bugzilla:2.8:::::::*
mozilla	bugzilla	2.9	cpe:2.3:a:mozilla:bugzilla:2.9:::::::*
mozilla	bugzilla	2.22	cpe:2.3:a:mozilla:bugzilla:2.22:::::::*
mozilla	bugzilla	2.22	cpe:2.3:a:mozilla:bugzilla:2.22:rc1::::::
mozilla	bugzilla	2.22.1	cpe:2.3:a:mozilla:bugzilla:2.22.1:::::::*
mozilla	bugzilla	2.22.3	cpe:2.3:a:mozilla:bugzilla:2.22.3:::::::*
mozilla	bugzilla	2.22.4	cpe:2.3:a:mozilla:bugzilla:2.22.4:::::::*
mozilla	bugzilla	2.22.5	cpe:2.3:a:mozilla:bugzilla:2.22.5:::::::*