CVE-2008-6098
First published: Mon Feb 09 2009(Updated: )
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =3.0.4 | |
| Mozilla Bugzilla | =3.1.3 | |
| Mozilla Bugzilla | =3.0.0 | |
| Mozilla Bugzilla | =3.3.2 | |
| Mozilla Bugzilla | =3.0.1 | |
| Mozilla Bugzilla | =2.18.8 | |
| Mozilla Bugzilla | =2.17.6 | |
| Mozilla Bugzilla | =2.18.5 | |
| Mozilla Bugzilla | =2.19.3 | |
| Mozilla Bugzilla | =2.20-rc2 | |
| Mozilla Bugzilla | =2.18.6 | |
| Mozilla Bugzilla | =2.20-rc1 | |
| Mozilla Bugzilla | =2.20 | |
| Mozilla Bugzilla | =2.19 | |
| Mozilla Bugzilla | =2.18-rc1 | |
| Mozilla Bugzilla | =3.1.1 | |
| Mozilla Bugzilla | =3.1.2 | |
| Mozilla Bugzilla | =2.20.5 | |
| Mozilla Bugzilla | =2.20.6 | |
| Mozilla Bugzilla | =2.22.3 | |
| Mozilla Bugzilla | =2.22.6 | |
| Mozilla Bugzilla | =2.17.4 | |
| Mozilla Bugzilla | =2.23.2 | |
| Mozilla Bugzilla | =2.21.2 | |
| Mozilla Bugzilla | =2.22.1 | |
| Mozilla Bugzilla | =2.23.4 | |
| Mozilla Bugzilla | =3.0.6 | |
| Mozilla Bugzilla | =2.20.1 | |
| Mozilla Bugzilla | =2.23.3 | |
| Mozilla Bugzilla | =3.0.7 | |
| Mozilla Bugzilla | =2.18.7 | |
| Mozilla Bugzilla | =2.23.1 | |
| Mozilla Bugzilla | =2.22.2 | |
| Mozilla Bugzilla | =2.18.1 | |
| Mozilla Bugzilla | =2.22-rc1 | |
| Mozilla Bugzilla | =2.22.5 | |
| Mozilla Bugzilla | =2.19.1 | |
| Mozilla Bugzilla | =3.1.4 | |
| Mozilla Bugzilla | =2.17.5 | |
| Mozilla Bugzilla | =2.22 | |
| Mozilla Bugzilla | =3.1.0 | |
| Mozilla Bugzilla | =3.0.3 | |
| Mozilla Bugzilla | =3.2 | |
| Mozilla Bugzilla | =2.20.3 | |
| Mozilla Bugzilla | =3.0.2 | |
| Mozilla Bugzilla | =2.18.4 | |
| Mozilla Bugzilla | =2.18.9 | |
| Mozilla Bugzilla | =2.18 | |
| Mozilla Bugzilla | =2.18.3 | |
| Mozilla Bugzilla | =2.17.7 | |
| Mozilla Bugzilla | =2.20.2 | |
| Mozilla Bugzilla | =2.20.4 | |
| Mozilla Bugzilla | =2.21.1 | |
| Mozilla Bugzilla | =2.18-rc3 | |
| Mozilla Bugzilla | =2.23 | |
| Mozilla Bugzilla | =2.18.2 | |
| Mozilla Bugzilla | =2.18-rc2 | |
| Mozilla Bugzilla | =3.0.5 | |
| Mozilla Bugzilla | =2.22.4 | |
| Mozilla Bugzilla | =2.21 | |
| Mozilla Bugzilla | =3.2.1 | |
| Mozilla Bugzilla | =3.3.1 | |
| Mozilla Bugzilla | =3.0_rc1 | |
| Mozilla Bugzilla | =2.19.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.bugzilla.org/security/2.20.6/
- https://bugzilla.mozilla.org/show_bug.cgi?id=449931
- http://secunia.com/advisories/32501
- http://www.securityfocus.com/bid/32178
- http://secunia.com/advisories/34361
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46424
Frequently Asked Questions
What is the severity of CVE-2008-6098?
The severity of CVE-2008-6098 is typically classified as medium, as it allows authenticated users to bypass moderation controls.
How do I fix CVE-2008-6098?
To fix CVE-2008-6098, update Bugzilla to version 3.2 RC2 or later for version 3.2, 3.0.6 for version 3.0, or appropriate fixes for other affected versions.
Who is affected by CVE-2008-6098?
CVE-2008-6098 affects Bugzilla versions prior to 3.2 RC2, including various versions of 3.0, 2.22, and earlier.
What type of vulnerability is CVE-2008-6098?
CVE-2008-6098 is a moderation bypass vulnerability that affects how quips are approved or disapproved in Bugzilla.
Is the exploitation of CVE-2008-6098 common?
While the exploit requires authenticated access, if exploited, it can lead to unauthorized approvals, making it a potential risk in environments with multiple users.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/3.0.4
- version/mozilla bugzilla/3.1.3
- version/mozilla bugzilla/3.0.0
- version/mozilla bugzilla/3.3.2
- version/mozilla bugzilla/3.0.1
- version/mozilla bugzilla/2.18.8
- version/mozilla bugzilla/2.17.6
- version/mozilla bugzilla/2.18.5
- version/mozilla bugzilla/2.19.3
- version/mozilla bugzilla/2.20-rc2
- version/mozilla bugzilla/2.18.6
- version/mozilla bugzilla/2.20-rc1
- version/mozilla bugzilla/2.20
- version/mozilla bugzilla/2.19
- version/mozilla bugzilla/2.18-rc1
- version/mozilla bugzilla/3.1.1
- version/mozilla bugzilla/3.1.2
- version/mozilla bugzilla/2.20.5
- version/mozilla bugzilla/2.20.6
- version/mozilla bugzilla/2.22.3
- version/mozilla bugzilla/2.22.6
- version/mozilla bugzilla/2.17.4
- version/mozilla bugzilla/2.23.2
- version/mozilla bugzilla/2.21.2
- version/mozilla bugzilla/2.22.1
- version/mozilla bugzilla/2.23.4
- version/mozilla bugzilla/3.0.6
- version/mozilla bugzilla/2.20.1
- version/mozilla bugzilla/2.23.3
- version/mozilla bugzilla/3.0.7
- version/mozilla bugzilla/2.18.7
- version/mozilla bugzilla/2.23.1
- version/mozilla bugzilla/2.22.2
- version/mozilla bugzilla/2.18.1
- version/mozilla bugzilla/2.22-rc1
- version/mozilla bugzilla/2.22.5
- version/mozilla bugzilla/2.19.1
- version/mozilla bugzilla/3.1.4
- version/mozilla bugzilla/2.17.5
- version/mozilla bugzilla/2.22
- version/mozilla bugzilla/3.1.0
- version/mozilla bugzilla/3.0.3
- version/mozilla bugzilla/3.2
- version/mozilla bugzilla/2.20.3
- version/mozilla bugzilla/3.0.2
- version/mozilla bugzilla/2.18.4
- version/mozilla bugzilla/2.18.9
- version/mozilla bugzilla/2.18
- version/mozilla bugzilla/2.18.3
- version/mozilla bugzilla/2.17.7
- version/mozilla bugzilla/2.20.2
- version/mozilla bugzilla/2.20.4
- version/mozilla bugzilla/2.21.1
- version/mozilla bugzilla/2.18-rc3
- version/mozilla bugzilla/2.23
- version/mozilla bugzilla/2.18.2
- version/mozilla bugzilla/2.18-rc2
- version/mozilla bugzilla/3.0.5
- version/mozilla bugzilla/2.22.4
- version/mozilla bugzilla/2.21
- version/mozilla bugzilla/3.2.1
- version/mozilla bugzilla/3.3.1
- version/mozilla bugzilla/3.0_rc1
- version/mozilla bugzilla/2.19.2