https://bugzilla.redhat.com/show_bug.cgi?id=1150091
Bug ID: 1150091
Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: vkaigoro@redhat.com
CC: bazanluis20@gmail.com, emmanuel@seyman.fr, itamar@ispbrasil.com.br, mcepl@redhat.com, perl-devel@lists.fedoraproject.org

Upstream has issued an advisory today (October 6): http://www.bugzilla.org/security/4.0.14/

Class: Unauthorized Account Creation
Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE Number: CVE-2014-1572

Class: Cross-Site Scripting
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE Number: CVE-2014-1573

Class: Information Leak
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE Number: CVE-2014-1571

Class: Social Engineering
Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: Search results can be exported as a CSV file which can then be imported into external spreadsheet programs. Specially formatted field values can be interpreted as formulas which can be executed and used to attack a user's computer.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702