PT-2007-5710 · Mozilla · Bugzilla
Published: 2007-08-27 · Updated: 2018-10-15 · CVE-2007-4539
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Bugzilla versions 2.23.3 through 3.0.0
Description
The issue concerns the WebService (XML-RPC) interface, which fails to enforce permissions for certain bug fields. This allows remote attackers to obtain sensitive information via specific XML-RPC requests, such as accessing the Deadline and Estimated Time fields.
Recommendations
For Bugzilla versions 2.23.3 through 3.0.0, consider restricting access to the WebService (XML-RPC) interface until a fix is available, and limit the visibility of sensitive fields like Deadline and Estimated Time to authorized users.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Bugzilla