Bugzilla Bug

Sep 23, 2015

Bug database has a bug of its own that could allow an intruder to create an unauthorized account.

The Bugzilla bug database system has a flaw that could allow an attacker to access the database and read about potential exploits before the patch is released to the public. The problem affects Bugzilla implementations that use email-based permissions. Login names longer than 127 characters are “silently truncated in MySQL,” which could allow an attacker to assign permissions to an email address that is different from the address originally requested.

The fix for this bug is included in the Bugzilla 4.2.15, 4.4.10, and 5.0.1 releases. All Bugzilla users are encouraged to upgrade.

Related content

comments powered by Disqus

Issue 205/2017

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia