PT-2007-5710 · Mozilla · Bugzilla

Published: 2007-08-27 · Updated: 2018-10-15 · CVE-2007-4539

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bugzilla versions 2.23.3 through 3.0.0

Description

The WebService (XML-RPC) interface fails to enforce permissions for certain bug fields. This allows remote attackers to obtain sensitive information, such as the Deadline and Estimated Time fields, via specific XML-RPC requests.

Recommendations

For Bugzilla versions 2.23.3 through 3.0.0, consider restricting access to the WebService (XML-RPC) interface until a fix is available, and limit the visibility of sensitive fields like Deadline and Estimated Time to authorized users.

Weakness Enumeration

Related identifiers

CVE-2007-4539

Affected products

Bugzilla