CVE-2008-6098 — Mozilla Bugzilla vulnerability

CWE-2648 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 40.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedFeb 9

Latest updateMay 17

Description

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla58 versions+57

🔴Vulnerability Details

GHSA

GHSA-qm9g-29cj-wvp4: Bugzilla 3↗2022-05-17

▶

CVEList

CVE-2008-6098: Bugzilla 3↗2009-02-09

▶

📋Vendor Advisories

Red Hat

bugzilla: quip moderation bypass for authenticated users↗2008-08-09

▶

💬Community

Bugzilla

CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]↗2009-02-09

▶

Bugzilla

CVE-2008-6098 bugzilla: quip moderation bypass for authenticated users↗2009-02-09

▶

Bugzilla

CVE-2008-4437 CVE-2008-6098 CVE-2008-048[13456] bugzilla: multiple issues [Fdevel]↗2009-02-09

▶

Bugzilla

CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]↗2009-02-09

▶