CVE-2010-2757

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

Affected Software

Name	Vendor	Start Version	End Version
Bugzilla	Mozilla	2.4 (including)	2.4 (including)
Bugzilla	Mozilla	2.6 (including)	2.6 (including)
Bugzilla	Mozilla	2.8 (including)	2.8 (including)
Bugzilla	Mozilla	2.9 (including)	2.9 (including)
Bugzilla	Mozilla	2.22 (including)	2.22 (including)
Bugzilla	Mozilla	2.22-rc1 (including)	2.22-rc1 (including)
Bugzilla	Mozilla	2.22.1 (including)	2.22.1 (including)
Bugzilla	Mozilla	2.22.3 (including)	2.22.3 (including)
Bugzilla	Mozilla	2.22.4 (including)	2.22.4 (including)
Bugzilla	Mozilla	2.22.5 (including)	2.22.5 (including)
Bugzilla	Mozilla	2.22.6 (including)	2.22.6 (including)
Bugzilla	Mozilla	2.22.7 (including)	2.22.7 (including)
Bugzilla	Mozilla	2.23 (including)	2.23 (including)
Bugzilla	Mozilla	2.23.1 (including)	2.23.1 (including)
Bugzilla	Mozilla	2.23.2 (including)	2.23.2 (including)
Bugzilla	Mozilla	2.23.3 (including)	2.23.3 (including)
Bugzilla	Mozilla	2.23.4 (including)	2.23.4 (including)
Bugzilla	Mozilla	3.0 (including)	3.0 (including)
Bugzilla	Mozilla	3.0-rc1 (including)	3.0-rc1 (including)
Bugzilla	Mozilla	3.0.0 (including)	3.0.0 (including)
Bugzilla	Mozilla	3.0.1 (including)	3.0.1 (including)
Bugzilla	Mozilla	3.0.2 (including)	3.0.2 (including)
Bugzilla	Mozilla	3.0.3 (including)	3.0.3 (including)
Bugzilla	Mozilla	3.0.4 (including)	3.0.4 (including)
Bugzilla	Mozilla	3.0.5 (including)	3.0.5 (including)
Bugzilla	Mozilla	3.0.6 (including)	3.0.6 (including)
Bugzilla	Mozilla	3.0.7 (including)	3.0.7 (including)
Bugzilla	Mozilla	3.0.8 (including)	3.0.8 (including)
Bugzilla	Mozilla	3.0.9 (including)	3.0.9 (including)
Bugzilla	Mozilla	3.0.10 (including)	3.0.10 (including)
Bugzilla	Mozilla	3.0.11 (including)	3.0.11 (including)
Bugzilla	Mozilla	3.1.0 (including)	3.1.0 (including)
Bugzilla	Mozilla	3.1.1 (including)	3.1.1 (including)
Bugzilla	Mozilla	3.1.2 (including)	3.1.2 (including)
Bugzilla	Mozilla	3.1.3 (including)	3.1.3 (including)
Bugzilla	Mozilla	3.2 (including)	3.2 (including)
Bugzilla	Mozilla	3.2.2 (including)	3.2.2 (including)
Bugzilla	Mozilla	3.2.3 (including)	3.2.3 (including)
Bugzilla	Mozilla	3.2.4 (including)	3.2.4 (including)
Bugzilla	Mozilla	3.2.5 (including)	3.2.5 (including)
Bugzilla	Mozilla	3.2.6 (including)	3.2.6 (including)
Bugzilla	Mozilla	3.2.7 (including)	3.2.7 (including)
Bugzilla	Mozilla	3.3.1 (including)	3.3.1 (including)
Bugzilla	Mozilla	3.3.2 (including)	3.3.2 (including)
Bugzilla	Mozilla	3.3.3 (including)	3.3.3 (including)
Bugzilla	Mozilla	3.3.4 (including)	3.3.4 (including)
Bugzilla	Mozilla	3.4.1 (including)	3.4.1 (including)
Bugzilla	Mozilla	3.4.2 (including)	3.4.2 (including)
Bugzilla	Mozilla	3.4.3 (including)	3.4.3 (including)
Bugzilla	Mozilla	3.4.4 (including)	3.4.4 (including)
Bugzilla	Mozilla	3.4.5 (including)	3.4.5 (including)
Bugzilla	Mozilla	3.4.6 (including)	3.4.6 (including)
Bugzilla	Mozilla	3.4.7 (including)	3.4.7 (including)
Bugzilla	Mozilla	3.5.1 (including)	3.5.1 (including)
Bugzilla	Mozilla	3.5.2 (including)	3.5.2 (including)
Bugzilla	Mozilla	3.5.3 (including)	3.5.3 (including)
Bugzilla	Mozilla	3.6 (including)	3.6 (including)
Bugzilla	Mozilla	3.6.1 (including)	3.6.1 (including)
Bugzilla	Mozilla	3.7 (including)	3.7 (including)
Bugzilla	Mozilla	3.7.1 (including)	3.7.1 (including)
Bugzilla	Mozilla	3.7.2 (including)	3.7.2 (including)
Bugzilla	Ubuntu	dapper	*
Bugzilla	Ubuntu	hardy	*
Bugzilla	Ubuntu	jaunty	*
Bugzilla	Ubuntu	karmic	*
Bugzilla	Ubuntu	lucid	*
Bugzilla	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2757
CWE	https://cwe.mitre.org/data/definitions/310.html

Affected Software

References