CVE-2008-2104
Published: 7 May 2008
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
Notes
Author | Note |
---|---|
kees | this should really be for bugzilla3 but it's not in intrepid yet |
wgrant | it's a regression in 3.1.3, and we don't have >3.0.4 anywhere. |