CVE-2008-6098

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to approve.

Affected Software

Name	Vendor	Start Version	End Version
Bugzilla	Mozilla	2.17.4 (including)	2.17.4 (including)
Bugzilla	Mozilla	2.17.5 (including)	2.17.5 (including)
Bugzilla	Mozilla	2.17.6 (including)	2.17.6 (including)
Bugzilla	Mozilla	2.17.7 (including)	2.17.7 (including)
Bugzilla	Mozilla	2.18 (including)	2.18 (including)
Bugzilla	Mozilla	2.18-rc1 (including)	2.18-rc1 (including)
Bugzilla	Mozilla	2.18-rc2 (including)	2.18-rc2 (including)
Bugzilla	Mozilla	2.18-rc3 (including)	2.18-rc3 (including)
Bugzilla	Mozilla	2.18.1 (including)	2.18.1 (including)
Bugzilla	Mozilla	2.18.2 (including)	2.18.2 (including)
Bugzilla	Mozilla	2.18.3 (including)	2.18.3 (including)
Bugzilla	Mozilla	2.18.4 (including)	2.18.4 (including)
Bugzilla	Mozilla	2.18.5 (including)	2.18.5 (including)
Bugzilla	Mozilla	2.18.6 (including)	2.18.6 (including)
Bugzilla	Mozilla	2.18.7 (including)	2.18.7 (including)
Bugzilla	Mozilla	2.18.8 (including)	2.18.8 (including)
Bugzilla	Mozilla	2.18.9 (including)	2.18.9 (including)
Bugzilla	Mozilla	2.19 (including)	2.19 (including)
Bugzilla	Mozilla	2.19.1 (including)	2.19.1 (including)
Bugzilla	Mozilla	2.19.2 (including)	2.19.2 (including)
Bugzilla	Mozilla	2.19.3 (including)	2.19.3 (including)
Bugzilla	Mozilla	2.20 (including)	2.20 (including)
Bugzilla	Mozilla	2.20-rc1 (including)	2.20-rc1 (including)
Bugzilla	Mozilla	2.20-rc2 (including)	2.20-rc2 (including)
Bugzilla	Mozilla	2.20.1 (including)	2.20.1 (including)
Bugzilla	Mozilla	2.20.2 (including)	2.20.2 (including)
Bugzilla	Mozilla	2.20.3 (including)	2.20.3 (including)
Bugzilla	Mozilla	2.20.4 (including)	2.20.4 (including)
Bugzilla	Mozilla	2.20.5 (including)	2.20.5 (including)
Bugzilla	Mozilla	2.20.6 (including)	2.20.6 (including)
Bugzilla	Mozilla	2.21 (including)	2.21 (including)
Bugzilla	Mozilla	2.21.1 (including)	2.21.1 (including)
Bugzilla	Mozilla	2.21.2 (including)	2.21.2 (including)
Bugzilla	Mozilla	2.22 (including)	2.22 (including)
Bugzilla	Mozilla	2.22-rc1 (including)	2.22-rc1 (including)
Bugzilla	Mozilla	2.22.1 (including)	2.22.1 (including)
Bugzilla	Mozilla	2.22.2 (including)	2.22.2 (including)
Bugzilla	Mozilla	2.22.3 (including)	2.22.3 (including)
Bugzilla	Mozilla	2.22.4 (including)	2.22.4 (including)
Bugzilla	Mozilla	2.22.5 (including)	2.22.5 (including)
Bugzilla	Mozilla	2.22.6 (including)	2.22.6 (including)
Bugzilla	Mozilla	2.23 (including)	2.23 (including)
Bugzilla	Mozilla	2.23.1 (including)	2.23.1 (including)
Bugzilla	Mozilla	2.23.2 (including)	2.23.2 (including)
Bugzilla	Mozilla	2.23.3 (including)	2.23.3 (including)
Bugzilla	Mozilla	2.23.4 (including)	2.23.4 (including)
Bugzilla	Mozilla	3.0.0 (including)	3.0.0 (including)
Bugzilla	Mozilla	3.0.1 (including)	3.0.1 (including)
Bugzilla	Mozilla	3.0.2 (including)	3.0.2 (including)
Bugzilla	Mozilla	3.0.3 (including)	3.0.3 (including)
Bugzilla	Mozilla	3.0.4 (including)	3.0.4 (including)
Bugzilla	Mozilla	3.0.5 (including)	3.0.5 (including)
Bugzilla	Mozilla	3.0.6 (including)	3.0.6 (including)
Bugzilla	Mozilla	3.0.7 (including)	3.0.7 (including)
Bugzilla	Mozilla	3.0_rc1 (including)	3.0_rc1 (including)
Bugzilla	Mozilla	3.1.0 (including)	3.1.0 (including)
Bugzilla	Mozilla	3.1.1 (including)	3.1.1 (including)
Bugzilla	Mozilla	3.1.2 (including)	3.1.2 (including)
Bugzilla	Mozilla	3.1.3 (including)	3.1.3 (including)
Bugzilla	Mozilla	3.1.4 (including)	3.1.4 (including)
Bugzilla	Mozilla	3.2 (including)	3.2 (including)
Bugzilla	Mozilla	3.2.1 (including)	3.2.1 (including)
Bugzilla	Mozilla	3.3.1 (including)	3.3.1 (including)
Bugzilla	Mozilla	3.3.2 (including)	3.3.2 (including)
Bugzilla	Ubuntu	dapper	*
Bugzilla	Ubuntu	gutsy	*
Bugzilla	Ubuntu	hardy	*
Bugzilla	Ubuntu	intrepid	*
Bugzilla	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-6098
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References