CVE Vulnerabilities

CVE-2008-2105

Published: May 07, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.4 2.4
Bugzilla Mozilla 2.6 2.6
Bugzilla Mozilla 2.8 2.8
Bugzilla Mozilla 2.10 2.10
Bugzilla Mozilla 2.12 2.12
Bugzilla Mozilla 2.14 2.14
Bugzilla Mozilla 2.14.1 2.14.1
Bugzilla Mozilla 2.14.2 2.14.2
Bugzilla Mozilla 2.14.3 2.14.3
Bugzilla Mozilla 2.14.4 2.14.4
Bugzilla Mozilla 2.14.5 2.14.5
Bugzilla Mozilla 2.16 2.16
Bugzilla Mozilla 2.16.1 2.16.1
Bugzilla Mozilla 2.16.2 2.16.2
Bugzilla Mozilla 2.16.3 2.16.3
Bugzilla Mozilla 2.16.4 2.16.4
Bugzilla Mozilla 2.16.5 2.16.5
Bugzilla Mozilla 2.16.6 2.16.6
Bugzilla Mozilla 2.16.7 2.16.7
Bugzilla Mozilla 2.16.8 2.16.8
Bugzilla Mozilla 2.16.9 2.16.9
Bugzilla Mozilla 2.16.10 2.16.10
Bugzilla Mozilla 2.16.11 2.16.11
Bugzilla Mozilla 2.16_rc2 2.16_rc2
Bugzilla Mozilla 2.17.1 2.17.1
Bugzilla Mozilla 2.17.2 2.17.2
Bugzilla Mozilla 2.17.3 2.17.3
Bugzilla Mozilla 2.17.4 2.17.4
Bugzilla Mozilla 2.17.5 2.17.5
Bugzilla Mozilla 2.17.6 2.17.6
Bugzilla Mozilla 2.17.7 2.17.7
Bugzilla Mozilla 2.18 2.18
Bugzilla Mozilla 2.18 2.18
Bugzilla Mozilla 2.18 2.18
Bugzilla Mozilla 2.18.1 2.18.1
Bugzilla Mozilla 2.18.2 2.18.2
Bugzilla Mozilla 2.18.3 2.18.3
Bugzilla Mozilla 2.18.4 2.18.4
Bugzilla Mozilla 2.18.5 2.18.5
Bugzilla Mozilla 2.18.6 2.18.6
Bugzilla Mozilla 2.19.1 2.19.1
Bugzilla Mozilla 2.19.2 2.19.2
Bugzilla Mozilla 2.19.3 2.19.3
Bugzilla Mozilla 2.20 2.20
Bugzilla Mozilla 2.20 2.20
Bugzilla Mozilla 2.20.1 2.20.1
Bugzilla Mozilla 2.20.2 2.20.2
Bugzilla Mozilla 2.20.3 2.20.3
Bugzilla Mozilla 2.20.4 2.20.4
Bugzilla Mozilla 2.20.5 2.20.5
Bugzilla Mozilla 2.20.6 2.20.6
Bugzilla Mozilla 2.21.1 2.21.1
Bugzilla Mozilla 2.21.2 2.21.2
Bugzilla Mozilla 2.22 2.22
Bugzilla Mozilla 2.22 2.22
Bugzilla Mozilla 2.22.1 2.22.1
Bugzilla Mozilla 2.22.2 2.22.2
Bugzilla Mozilla 2.22.3 2.22.3
Bugzilla Mozilla 2.22.4 2.22.4
Bugzilla Mozilla 2.23 2.23
Bugzilla Mozilla 2.23.1 2.23.1
Bugzilla Mozilla 2.23.2 2.23.2
Bugzilla Mozilla 2.23.3 2.23.3
Bugzilla Mozilla 2.23.4 2.23.4
Bugzilla Mozilla 3.0.0 3.0.0
Bugzilla Mozilla 3.0.1 3.0.1
Bugzilla Mozilla 3.0.2 3.0.2
Bugzilla Mozilla 3.1.0 3.1.0
Bugzilla Mozilla 3.1.1 3.1.1
Bugzilla Mozilla 3.1.2 3.1.2
Bugzilla Ubuntu upstream *

References