CVE-2010-2757 — Mozilla Bugzilla vulnerability

CWE-3106 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.2%

top 20.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 16

Latest updateMay 17

Description

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla59 versions+58

🔴Vulnerability Details

GHSA

GHSA-r9mq-3g26-7wv8: The sudo feature in Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2010-2757: The sudo feature in Bugzilla 2↗2010-08-13

▶

💥Exploits & PoCs

Exploit-DB

IA WebMail Server 3.x - Remote Buffer Overflow (Metasploit)↗2010-05-09

▶

💬Community

Bugzilla

CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2 [fedora-all]↗2010-08-11

▶

Bugzilla

CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2↗2010-08-11

▶