The sudo feature in Bugzilla 2.22rc1 up to and including 3.2.7, 3.3.1 up to and including 3.4.7, 3.5.1 up to and including 3.6.1, and 3.7 up to and including 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mozilla bugzilla 2.22.5 |
||
mozilla bugzilla 2.22.6 |
||
mozilla bugzilla 2.23.4 |
||
mozilla bugzilla 2.4 |
||
mozilla bugzilla 3.0.11 |
||
mozilla bugzilla 3.0.2 |
||
mozilla bugzilla 3.0.9 |
||
mozilla bugzilla 3.0 |
||
mozilla bugzilla 3.2 |
||
mozilla bugzilla 2.22.7 |
||
mozilla bugzilla 2.22 |
||
mozilla bugzilla 2.6 |
||
mozilla bugzilla 2.8 |
||
mozilla bugzilla 3.0.3 |
||
mozilla bugzilla 3.0.4 |
||
mozilla bugzilla 3.1.0 |
||
mozilla bugzilla 3.1.1 |
||
mozilla bugzilla 3.1.3 |
||
mozilla bugzilla 3.2.6 |
||
mozilla bugzilla 3.4.3 |
||
mozilla bugzilla 3.4.4 |
||
mozilla bugzilla 3.6 |
||
mozilla bugzilla 3.6.1 |
||
mozilla bugzilla 2.22.3 |
||
mozilla bugzilla 2.22.4 |
||
mozilla bugzilla 2.23.2 |
||
mozilla bugzilla 2.23.3 |
||
mozilla bugzilla 3.0.0 |
||
mozilla bugzilla 3.0.1 |
||
mozilla bugzilla 3.0.10 |
||
mozilla bugzilla 3.0.7 |
||
mozilla bugzilla 3.0.8 |
||
mozilla bugzilla 3.2.3 |
||
mozilla bugzilla 3.2.2 |
||
mozilla bugzilla 3.3.3 |
||
mozilla bugzilla 3.3.4 |
||
mozilla bugzilla 3.4.7 |
||
mozilla bugzilla 3.5.1 |
||
mozilla bugzilla 3.7.2 |
||
mozilla bugzilla 3.1.2 |
||
mozilla bugzilla 3.4.1 |
||
mozilla bugzilla 3.4.2 |
||
mozilla bugzilla 3.5.2 |
||
mozilla bugzilla 3.5.3 |
||
mozilla bugzilla 2.22.1 |
||
mozilla bugzilla 2.23 |
||
mozilla bugzilla 2.23.1 |
||
mozilla bugzilla 2.9 |
||
mozilla bugzilla 3.0.5 |
||
mozilla bugzilla 3.0.6 |
||
mozilla bugzilla 3.2.5 |
||
mozilla bugzilla 3.2.4 |
||
mozilla bugzilla 3.2.7 |
||
mozilla bugzilla 3.3.1 |
||
mozilla bugzilla 3.3.2 |
||
mozilla bugzilla 3.4.5 |
||
mozilla bugzilla 3.4.6 |
||
mozilla bugzilla 3.7 |
||
mozilla bugzilla 3.7.1 |
Vulmon