Vulnerability Details CVE-2008-2105
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.9%
CVSS Severity
CVSS v2 Score 3.5
References
- http://secunia.com/advisories/30064
- http://secunia.com/advisories/30167
- http://www.bugzilla.org/security/2.20.5/
- http://www.securityfocus.com/bid/29038
- http://www.securitytracker.com/id?1019969
- http://www.vupen.com/english/advisories/2008/1428/references
- https://bugzilla.mozilla.org/show_bug.cgi?id=419188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42235
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html
- http://secunia.com/advisories/30064
- http://secunia.com/advisories/30167
- http://www.bugzilla.org/security/2.20.5/
- http://www.securityfocus.com/bid/29038
- http://www.securitytracker.com/id?1019969
- http://www.vupen.com/english/advisories/2008/1428/references
- https://bugzilla.mozilla.org/show_bug.cgi?id=419188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42235
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html
Products affected by CVE-2008-2105
-
cpe:2.3:a:mozilla:bugzilla:2.10
-
cpe:2.3:a:mozilla:bugzilla:2.12
-
cpe:2.3:a:mozilla:bugzilla:2.14
-
cpe:2.3:a:mozilla:bugzilla:2.14.1
-
cpe:2.3:a:mozilla:bugzilla:2.14.2
-
cpe:2.3:a:mozilla:bugzilla:2.14.3
-
cpe:2.3:a:mozilla:bugzilla:2.14.4
-
cpe:2.3:a:mozilla:bugzilla:2.14.5
-
cpe:2.3:a:mozilla:bugzilla:2.16
-
cpe:2.3:a:mozilla:bugzilla:2.16.1
-
cpe:2.3:a:mozilla:bugzilla:2.16.10
-
cpe:2.3:a:mozilla:bugzilla:2.16.11
-
cpe:2.3:a:mozilla:bugzilla:2.16.2
-
cpe:2.3:a:mozilla:bugzilla:2.16.3
-
cpe:2.3:a:mozilla:bugzilla:2.16.4
-
cpe:2.3:a:mozilla:bugzilla:2.16.5
-
cpe:2.3:a:mozilla:bugzilla:2.16.6
-
cpe:2.3:a:mozilla:bugzilla:2.16.7
-
cpe:2.3:a:mozilla:bugzilla:2.16.8
-
cpe:2.3:a:mozilla:bugzilla:2.16.9
-
cpe:2.3:a:mozilla:bugzilla:2.16_rc2
-
cpe:2.3:a:mozilla:bugzilla:2.17.1
-
cpe:2.3:a:mozilla:bugzilla:2.17.2
-
cpe:2.3:a:mozilla:bugzilla:2.17.3
-
cpe:2.3:a:mozilla:bugzilla:2.17.4
-
cpe:2.3:a:mozilla:bugzilla:2.17.5
-
cpe:2.3:a:mozilla:bugzilla:2.17.6
-
cpe:2.3:a:mozilla:bugzilla:2.17.7
-
cpe:2.3:a:mozilla:bugzilla:2.18
-
cpe:2.3:a:mozilla:bugzilla:2.18.1
-
cpe:2.3:a:mozilla:bugzilla:2.18.2
-
cpe:2.3:a:mozilla:bugzilla:2.18.3
-
cpe:2.3:a:mozilla:bugzilla:2.18.4
-
cpe:2.3:a:mozilla:bugzilla:2.18.5
-
cpe:2.3:a:mozilla:bugzilla:2.18.6
-
cpe:2.3:a:mozilla:bugzilla:2.19.1
-
cpe:2.3:a:mozilla:bugzilla:2.19.2
-
cpe:2.3:a:mozilla:bugzilla:2.19.3
-
cpe:2.3:a:mozilla:bugzilla:2.20
-
cpe:2.3:a:mozilla:bugzilla:2.20.1
-
cpe:2.3:a:mozilla:bugzilla:2.20.2
-
cpe:2.3:a:mozilla:bugzilla:2.20.3
-
cpe:2.3:a:mozilla:bugzilla:2.20.4
-
cpe:2.3:a:mozilla:bugzilla:2.20.5
-
cpe:2.3:a:mozilla:bugzilla:2.20.6
-
cpe:2.3:a:mozilla:bugzilla:2.21.1
-
cpe:2.3:a:mozilla:bugzilla:2.21.2
-
cpe:2.3:a:mozilla:bugzilla:2.22
-
cpe:2.3:a:mozilla:bugzilla:2.22.1
-
cpe:2.3:a:mozilla:bugzilla:2.22.2
-
cpe:2.3:a:mozilla:bugzilla:2.22.3
-
cpe:2.3:a:mozilla:bugzilla:2.22.4
-
cpe:2.3:a:mozilla:bugzilla:2.23
-
cpe:2.3:a:mozilla:bugzilla:2.23.1
-
cpe:2.3:a:mozilla:bugzilla:2.23.2
-
cpe:2.3:a:mozilla:bugzilla:2.23.3
-
cpe:2.3:a:mozilla:bugzilla:2.23.4
-
cpe:2.3:a:mozilla:bugzilla:2.4
-
cpe:2.3:a:mozilla:bugzilla:2.6
-
cpe:2.3:a:mozilla:bugzilla:2.8
-
cpe:2.3:a:mozilla:bugzilla:3.0.0
-
cpe:2.3:a:mozilla:bugzilla:3.0.1
-
cpe:2.3:a:mozilla:bugzilla:3.0.2
-
cpe:2.3:a:mozilla:bugzilla:3.1.0
-
cpe:2.3:a:mozilla:bugzilla:3.1.1
-
cpe:2.3:a:mozilla:bugzilla:3.1.2