process_bug.cgi in Bugzilla 2.9 up to and including 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.10 |
||
mozilla bugzilla 2.14.5 |
||
mozilla bugzilla 2.16 |
||
mozilla bugzilla 2.16.1 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.9 |
||
mozilla bugzilla 2.14.1 |
||
mozilla bugzilla 2.14.2 |
||
mozilla bugzilla 2.16.4 |
||
mozilla bugzilla 2.16.5 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.18 |
||
mozilla bugzilla 2.14.3 |
||
mozilla bugzilla 2.14.4 |
||
mozilla bugzilla 2.17 |
||
mozilla bugzilla 2.17.1 |
||
mozilla bugzilla 2.19 |
||
mozilla bugzilla 2.12 |
||
mozilla bugzilla 2.14 |
||
mozilla bugzilla 2.16.2 |
||
mozilla bugzilla 2.16.3 |
||
mozilla bugzilla 2.17.5 |
||
mozilla bugzilla 2.17.6 |