CVE-2014-8630

CWE-77 — Command Injection6 documents4 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 29.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla Fedoraproject Fedora

Timeline

PublishedFeb 1

Latest updateMay 17

Description

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla4.0.16+34

Also affects: Fedora 20, 21

Patches

Patch: www.bugzilla.org ↗Patch: www.bugzilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-hwjw-h532-j9qq: Bugzilla before 4↗2022-05-17

▶

CVEList

CVE-2014-8630: Bugzilla before 4↗2015-02-01

▶

💬Community

Bugzilla

CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes↗2015-01-23

▶

Bugzilla

CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [epel-all]↗2015-01-23

▶

Bugzilla

CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [fedora-all]↗2015-01-23

▶