CVE-2007-5038: Mozilla Bugzilla vulnerability

CWE-264 | 3 documents | 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 1.0% (top 23.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 24
Latest update: May 1

Description

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: mozilla/bugzilla, 4 versions (+3)

Patches

Vulnerability Details (2)

GHSA | GHSA-vwm5-27p4-hp3w: The offer_account_by_email function in User | 2022-05-01
CVEList | CVE-2007-5038: The offer_account_by_email function in User | 2007-09-24