CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
94.0%
A Bugzilla Security Advisory reports:
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
A possible cross-site scripting (XSS) vulnerability when filing
bugs using the guided form.
When using email_in.pl, insufficiently escaped data may be
passed to sendmail.
Users using the WebService interface may access Bugzilla’s
time-tracking fields even if they normally cannot see them.
We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.