|
|
CVE Reference: CVE-2008-2105 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2105 |
|
|
Description: email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before 3.1.3 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/42235 ST 1019969 SAID Secunia Advisory: SA30064 Secunia Advisory: SA30167 FEDORA CONFIRM http://www.bugzilla.org/security/2.20.5/ BID 29038 |
|
| Return to the previous page. |
