CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
65.7%
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7,
3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send
impersonation notifications, which makes it easier for remote authenticated
users to impersonate other users without discovery.