PT-2005-2543 · Mozilla · Bugzilla

Frédéric Buclin +1 · Published 2005-05-12 · Updated 2017-07-11 · CVE-2005-1564

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Bugzilla versions 2.10 through 2.18
Bugzilla version 2.19.1
Bugzilla version 2.19.2

Description

The issue allows remote authenticated users to enter bugs into products that are closed for bug entry by modifying the URL to specify the name of the product. This is possible due to a flaw in the post_bug.cgi script.

Recommendations

For Bugzilla versions 2.10 through 2.18, update the post_bug.cgi script to properly validate product permissions.
For Bugzilla version 2.19.1, restrict access to the post_bug.cgi script until a proper fix is applied.
For Bugzilla version 2.19.2, consider disabling the post_bug.cgi script temporarily to prevent unauthorized bug entry.


Related identifiers

CVE-2005-1564

Affected products

Bugzilla