Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the del option.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugzilla | Mozilla | 2.14 (including) | 2.14 (including) |
Bugzilla | Mozilla | 2.14.1 (including) | 2.14.1 (including) |
Bugzilla | Mozilla | 2.16 (including) | 2.16 (including) |
Bugzilla | Mozilla | 2.16-rc1 (including) | 2.16-rc1 (including) |
Red Hat Powertools 7.0 | RedHat | * | |
Red Hat Powertools 7.1 | RedHat | * |