CVE-2008-2104

Published: May 7, 2008Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

Affected (1)

Products: Mozilla: Bugzilla

Mozilla

1 product

Bugzilla

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 3.1.3

Related CWEs

CWE-264

References (14)

http://secunia.com/advisories/30064

Source: cve@mitre.org

Vendor Advisory

http://www.bugzilla.org/security/2.20.5/

Source: cve@mitre.org

http://www.securityfocus.com/bid/29038

Source: cve@mitre.org

http://www.securitytracker.com/id?1019968

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1428/references

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=415471

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42218

Source: cve@mitre.org

http://secunia.com/advisories/30064