1/13/03
The following vulnerabilities affect Bugzilla 2.17 through 2.17.2, 2.16, 2.16.1, and versions prior to 2.14.5:

10/15/02
Bugzilla 2.16, 2.15, and versions prior to 2.14.4 are affected by additional vulnerabilities, including:

1/11/02
6/14/02
CAN-2001-1401
CAN-2001-1402
CAN-2001-1403
CVE-2002-0007
CAN-2002-0008
CVE-2002-0009
CAN-2002-0010
CVE-2002-0011
CAN-2002-0803
CVE-2002-0804
CVE-2002-0805
CVE-2002-0806
CAN-2002-0807
CVE-2002-0808
CVE-2002-0809
CVE-2002-0810
CAN-2002-0811
Older versions of Bugzilla are affected by additional vulnerabilities ranging from cross-site scripting to account hijacking. Bugzilla versions prior to 2.14.2, version 2.15, and version 2.16 prior to rc2 are affected by these vulnerabilities.
CAN-2001-0329
CVE-2001-0330
In versions prior to 2.12, two scripts shipped with Bugzilla introduce further vulnerabilities. The first, globals.pl, could reveal sensitive information such as path names and database passwords. The second, process_bug.cgi, could allow a remote attacker to execute arbitrary commands: the e-mail address supplied at registration was passed to a shell without sanitization, so an attacker who registered with a specially crafted address containing shell metacharacters and commands had those commands run on the server with the privileges of the web server process.
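The process_bug.cgi problem is the classic shell-injection pattern: untrusted input interpolated into a command string that a shell then parses. The following is an added example, not Bugzilla's own (Perl) code, that rebuilds the pattern in Python beside two fixes. It assumes "echo" as a stand-in for the mail-notification command Bugzilla invoked, and the two addresses it uses are constructed sample input.

```python
# Added example (not Bugzilla's code): the shell-injection pattern behind the
# pre-2.12 process_bug.cgi bug, rebuilt in Python, beside two fixes.
# Assumptions: "echo" stands in for the mail-notification command that Bugzilla
# invoked; the two addresses below are constructed sample input.
import re
import subprocess

# Constructed sample input: a benign address and one carrying a shell command.
NORMAL_ADDRESS = "reporter@example.com"
CRAFTED_ADDRESS = "reporter@example.com; echo INJECTED"

# Allow-list for an address: local-part, '@', dotted domain. Shell
# metacharacters (space, ';', '|', '&', '`', '$', quotes) are not in the set.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def is_valid_address(addr: str) -> bool:
    """True only if the whole string matches the allow-list pattern."""
    return ADDRESS_RE.fullmatch(addr) is not None


def notify_vulnerable(addr: str) -> list[str]:
    """Interpolates the address into a command string that /bin/sh parses.
    The shell, not echo, sees the ';' and runs the attacker's second command."""
    proc = subprocess.run(
        "echo notifying " + addr, shell=True, capture_output=True, text=True
    )
    return proc.stdout.splitlines()


def notify_no_shell(addr: str) -> list[str]:
    """Passes the address as one argv element with no shell in between, so
    metacharacters are inert even when the address is not validated."""
    proc = subprocess.run(
        ["echo", "notifying", addr], capture_output=True, text=True
    )
    return proc.stdout.splitlines()


def notify_hardened(addr: str) -> list[str]:
    """Defence in depth: reject anything that is not a plain address, then
    use the argv form anyway."""
    if not is_valid_address(addr):
        raise ValueError(f"rejected address: {addr!r}")
    return notify_no_shell(addr)


if __name__ == "__main__":
    print(notify_vulnerable(CRAFTED_ADDRESS))
    # ['notifying reporter@example.com', 'INJECTED']  <- second command ran
    print(notify_no_shell(CRAFTED_ADDRESS))
    # ['notifying reporter@example.com; echo INJECTED']  <- literal, harmless
    print(notify_hardened(NORMAL_ADDRESS))
    try:
        notify_hardened(CRAFTED_ADDRESS)
    except ValueError as exc:
        print(exc)
```

The argv form alone already defeats the injection because no shell ever tokenizes the address; the allow-list check is kept as a second layer so that a malformed address is rejected before it reaches any external program, which also protects call sites that still build a command line elsewhere.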
The older vulnerabilities were reported in two Bugtraq postings, @stake advisory 04.30.01, and a Bugzilla Security Advisory.