| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | `<www-apps/bugzilla-{4.0.15,4.2.11,4.4.6,4.5.6}`: multiple vulnerabilities (CVE-2014-{1571,1572,1573}) | | |
| Product: | Gentoo Security | Reporter: | Rajiv Aaron Manglani `<rajiv>` |
| Component: | Vulnerabilities | Assignee: | Gentoo Security `<security>` |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | andrew, bugzilla, creffett, jer, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description

Rajiv Aaron Manglani, 2014-10-06 23:27:32 UTC

http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/ has a writeup regarding this issue

Bumped. Arches, please test and mark stable:
=www-apps/bugzilla-4.2.11
=www-apps/bugzilla-4.4.6
Target arches: amd64 x86

CVE-2014-1573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1573): Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

CVE-2014-1572 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1572): The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

CVE-2014-1571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1571): Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

amd64 stable

x86 stable.

Maintainer(s), please cleanup. Security, please vote.

Cleanup complete.

GLSA vote: no.

GLSA vote: no.

Closed as [noglsa]
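The list-context defect behind CVE-2014-1572 and CVE-2014-1573 is easy to miss in review, so here is an added, self-contained Perl illustration of the vulnerable shape beside the corrected one. It is not Bugzilla's code and not part of this bug report: `FakeCGI` is a constructed stand-in that mimics only the documented context behaviour of CGI.pm's `param()` (all values in list context, first value in scalar context), the hash layout is modelled on the CVE description rather than copied from token.cgi, and the query string is constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# FakeCGI: a constructed stand-in for the relevant part of CGI.pm.
# Like CGI.pm's param(), it returns every value submitted under a name
# when called in list context and only the first value in scalar
# context. It does no URL decoding; the sample query needs none.
package FakeCGI;

sub new {
    my ($class, $query) = @_;
    my %params;
    for my $pair (split /&/, $query) {
        my ($name, $value) = split /=/, $pair, 2;
        push @{ $params{$name} }, $value;
    }
    return bless { params => \%params }, $class;
}

sub param {
    my ($self, $name) = @_;
    my @values = @{ $self->{params}{$name} || [] };
    return wantarray ? @values : $values[0];
}

package main;

# Vulnerable shape (modelled on the CVE-2014-1572 description, not
# Bugzilla's actual source): param() sits inside a hash constructor,
# which is list context, so all three realname values are spliced in.
# The second and third become a new key/value pair, and because that
# pair comes later in the list it overrides the server-chosen login_name.
sub build_account_vulnerable {
    my ($cgi) = @_;
    my %account = (
        login_name => 'verified@example.org',   # from the e-mail token
        realname   => $cgi->param('realname'),  # list context: the bug
    );
    return \%account;
}

# Fixed shape: scalar() forces scalar context, so only the first value
# is used and the hash keeps exactly the keys the code names.
sub build_account_fixed {
    my ($cgi) = @_;
    my %account = (
        login_name => 'verified@example.org',
        realname   => scalar $cgi->param('realname'),
    );
    return \%account;
}

# Defensive check a reviewer can apply at the input boundary: a parameter
# the code treats as single-valued should never arrive with several values.
sub has_extra_values {
    my ($cgi, $name) = @_;
    my @values = $cgi->param($name);
    return @values > 1 ? 1 : 0;
}

# Constructed request: three values for one parameter name, the pattern
# the CVE descriptions above refer to.
my $query = 'realname=Alice&realname=login_name&realname=unverified@example.net';
my $cgi   = FakeCGI->new($query);

my $bad  = build_account_vulnerable($cgi);
my $good = build_account_fixed($cgi);

printf "vulnerable: login_name=%s realname=%s\n", $bad->{login_name}, $bad->{realname};
printf "fixed:      login_name=%s realname=%s\n", $good->{login_name}, $good->{realname};
printf "multi-valued realname: %s\n", has_extra_values($cgi, 'realname') ? 'yes' : 'no';
```

Run it with `perl` and compare the two `login_name` values: the vulnerable hash ends up with the attacker-supplied address while the fixed hash keeps the token-verified one. The same `scalar` wrapping is the generic fix for any `param()` call that lands in a hash or argument list, and `has_extra_values` shows the kind of boundary check that would have made the duplicated parameter visible before it reached the hash.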