Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-2105
HistoryMay 07, 2008 - 12:00 a.m.

CVE-2008-2105

2008-05-0700:00:00
ubuntu.com
ubuntu.com
10

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.005

Percentile

77.0%

JSON

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4
allows remote authenticated users to more easily spoof the changer of a bug
via a @reporter command in the body of an e-mail message, which overrides
the e-mail address as normally obtained from the From e-mail header. NOTE:
since From headers are easily spoofed, this only crosses privilege
boundaries in environments that provide additional verification of e-mail
addresses.

Notes

Author Note
kees this really should be for bugzilla3 but it’s not in intrepid yet
wgrant our 2.x releases are too old, and 3.0.4 is too new.

Related

cvelist 1
nvd 1
cve 1
prion 1
openvas 6
nessus 3
fedora 3
cvelist
cvelist
CVE-2008-2105
2008-05-07 20:07:00
nvd
nvd
CVE-2008-2105
2008-05-07 20:20:00
cve
cve
CVE-2008-2105
2008-05-07 20:20:00
prion
prion
Command injection
2008-05-07 20:20:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2008-3442
2009-02-17 00:00:00
Fedora Update for bugzilla FEDORA-2008-3442
2009-02-17 00:00:00
Fedora Update for bugzilla FEDORA-2008-3668
2009-02-17 00:00:00
nessus
nessus
Fedora 9 : bugzilla-3.0.4-1.fc9 (2008-3668)
2008-05-16 00:00:00
Fedora 7 : bugzilla-3.0.4-1.fc7 (2008-3488)
2008-05-11 00:00:00
Fedora 8 : bugzilla-3.0.4-1.fc8 (2008-3442)
2008-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: bugzilla-3.0.4-1.fc7
2008-05-10 13:57:32
[SECURITY] Fedora 9 Update: bugzilla-3.0.4-1.fc9
2008-05-13 15:27:05
[SECURITY] Fedora 8 Update: bugzilla-3.0.4-1.fc8
2008-05-10 13:51:30

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.005

Percentile

77.0%

JSON
Related for UB:CVE-2008-2105
cvelist1nvd1cve1prion1openvas6nessus3fedora3