PT-2008-3620 · Mozilla · Bugzilla

Published 2008-05-07 · Updated 2017-08-08 · CVE-2008-2104

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Bugzilla version 3.1.3

Description

The issue allows remote authenticated users without canconfirm privileges to bypass the canconfirm check and create NEW or ASSIGNED bug entries. This is achieved by sending a request to the XML-RPC interface.

Recommendations

For Bugzilla version 3.1.3, consider restricting access to the XML-RPC interface until a patch is available. As a temporary workaround, review and limit the creation of NEW or ASSIGNED bug entries by users without canconfirm privileges to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2008-2104

Affected Products

Bugzilla