CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.6%
The Bugzilla development team reports:
Bugzilla::WebService::User::offer_account_by_email does
not check the “createemailregexp” parameter, and thus
allows users to create accounts who would normally be
denied account creation. The “emailregexp” parameter is
still checked. If you do not have the SOAP::Lite Perl
module installed on your Bugzilla system, your system is
not vulnerable (because the Bugzilla WebService will not
be enabled).