CVE-2008-2104 - Vulnerability Details - OpenCVE

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Bugzilla

Configuration 1 [-]

cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/30064
http://www.bugzilla.org/security/2.20.5/
http://www.securityfocus.com/bid/29038
http://www.securitytracker.com/id?1019968
http://www.vupen.com/english/advisories/2008/1428/references
https://bugzilla.mozilla.org/show_bug.cgi?id=415471
https://exchange.xforce.ibmcloud.com/vulnerabilities/42218
https://www.cve.org/CVERecord?id=CVE-2008-2104

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2008-2104

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2008-2104 https://www.cve.org/CVERecord?id=CVE-2008-2104

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-07T20:07:00

Updated: 2024-08-07T08:49:57.548Z

Reserved: 2008-05-07T00:00:00

Link: CVE-2008-2104

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-05-07T20:20:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2104

Redhat

Severity : Moderate

Publid Date: 2008-05-04T00:00:00Z

Links: CVE-2008-2104 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-04T00:00:00", "descriptions": [{"lang": "en", "value": "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29038", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29038"}, {"name": "1019968", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019968"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"}, {"name": "30064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30064"}, {"name": "bugzilla-xmlrpc-security-bypass(42218)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.bugzilla.org/security/2.20.5/"}, {"name": "ADV-2008-1428", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1428/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2104", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29038", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29038"}, {"name": "1019968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019968"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"}, {"name": "30064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30064"}, {"name": "bugzilla-xmlrpc-security-bypass(42218)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"}, {"name": "http://www.bugzilla.org/security/2.20.5/", "refsource": "CONFIRM", "url": "http://www.bugzilla.org/security/2.20.5/"}, {"name": "ADV-2008-1428", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1428/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:49:57.548Z"}, "title": "CVE Program Container", "references": [{"name": "29038", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29038"}, {"name": "1019968", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019968"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"}, {"name": "30064", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30064"}, {"name": "bugzilla-xmlrpc-security-bypass(42218)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.bugzilla.org/security/2.20.5/"}, {"name": "ADV-2008-1428", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1428/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2104", "datePublished": "2008-05-07T20:07:00", "dateReserved": "2008-05-07T00:00:00", "dateUpdated": "2024-08-07T08:49:57.548Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7090332F-4CC2-4ADD-AEEC-75238BCA55CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check."}, {"lang": "es", "value": "El WebService en Bugzilla versi\u00f3n 3.1.3, permite a usuarios autentificados remotos sin privilegios canconfirm crear entradas de bug NEW o ASSIGNED por medio de una petici\u00f3n a la interfaz XML-RPC, que omite la comprobaci\u00f3n de canconfirm."}], "id": "CVE-2008-2104", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-07T20:20:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30064"}, {"source": "cve@mitre.org", "url": "http://www.bugzilla.org/security/2.20.5/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29038"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019968"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1428/references"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.bugzilla.org/security/2.20.5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1428/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}