Published: 07/05/2008 Updated: 08/08/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

email_in.pl in Bugzilla 2.23.4, 3.0.x prior to 3.0.4, and 3.1.x prior to 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla bugzilla 2.10
mozilla bugzilla 2.12
mozilla bugzilla 2.14.4
mozilla bugzilla 2.14.5
mozilla bugzilla 2.16.5
mozilla bugzilla 2.16.6
mozilla bugzilla 2.17.3
mozilla bugzilla 2.17.4
mozilla bugzilla 2.18.4
mozilla bugzilla 2.18.5
mozilla bugzilla 2.19.3
mozilla bugzilla 2.20.1
mozilla bugzilla 2.21.1
mozilla bugzilla 2.21.2
mozilla bugzilla 2.23
mozilla bugzilla 2.23.1
mozilla bugzilla 3.0.0
mozilla bugzilla 3.0.1
mozilla bugzilla 2.14
mozilla bugzilla 2.14.1
mozilla bugzilla 2.16.11
mozilla bugzilla 2.16.2
mozilla bugzilla 2.16.9
mozilla bugzilla 2.16
mozilla bugzilla 2.17.7
mozilla bugzilla 2.18.1
mozilla bugzilla 2.18
mozilla bugzilla 2.20.4
mozilla bugzilla 2.20.5
mozilla bugzilla 2.20.6
mozilla bugzilla 2.22.2
mozilla bugzilla 2.22.3
mozilla bugzilla 2.23.4
mozilla bugzilla 2.4
mozilla bugzilla 3.1.2
mozilla bugzilla 2.16.1
mozilla bugzilla 2.16.10
mozilla bugzilla 2.16.7
mozilla bugzilla 2.16.8
mozilla bugzilla 2.17.5
mozilla bugzilla 2.17.6
mozilla bugzilla 2.18.6
mozilla bugzilla 2.20.2
mozilla bugzilla 2.20.3
mozilla bugzilla 2.22
mozilla bugzilla 2.22.1
mozilla bugzilla 2.23.2
mozilla bugzilla 2.23.3
mozilla bugzilla 3.0.2
mozilla bugzilla 3.1.0
mozilla bugzilla 3.1.1
mozilla bugzilla 2.14.2
mozilla bugzilla 2.14.3
mozilla bugzilla 2.16.3
mozilla bugzilla 2.16.4
mozilla bugzilla 2.16_rc2
mozilla bugzilla 2.17.1
mozilla bugzilla 2.17.2
mozilla bugzilla 2.18.2
mozilla bugzilla 2.18.3
mozilla bugzilla 2.19.1
mozilla bugzilla 2.19.2
mozilla bugzilla 2.20
mozilla bugzilla 2.22.4
mozilla bugzilla 2.6
mozilla bugzilla 2.8

CWE-264 http://www.bugzilla.org/security/2.20.5/https://bugzilla.mozilla.org/show_bug.cgi?id=419188 http://www.securityfocus.com/bid/29038 http://www.securitytracker.com/id?1019969 http://secunia.com/advisories/30064 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html http://secunia.com/advisories/30167 http://www.vupen.com/english/advisories/2008/1428/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42235 https://nvd.nist.gov

Get Started

CVE-2008-2105

Vulnerability Summary

References

Vulmon Search

About

Products

Connect