Bugzilla Bug

Sep 23, 2015

Bug database has a bug of its own that could allow an intruder to create an unauthorized account.

The Bugzilla bug database system has a flaw that could allow an attacker to access the database and read about potential exploits before the patch is released to the public. The problem affects Bugzilla implementations that use email-based permissions. Login names longer than 127 characters are “silently truncated in MySQL,” which could allow an attacker to assign permissions to an email address that is different from the address originally requested.

The fix for this bug is included in the Bugzilla 4.2.15, 4.4.10, and 5.0.1 releases. All Bugzilla users are encouraged to upgrade.
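The truncation problem described above can be reproduced as a regression check. This is an added example, not Bugzilla's code or its patch: the 127-character limit comes from the article, while the `corp.example` group rule, the function names, and the sample address are assumptions constructed for illustration.

```python
import re

LOGIN_MAX = 127  # column width quoted in the article

# Assumption: a hypothetical rule that grants a group by e-mail domain.
TRUSTED_DOMAIN = re.compile(r"@corp\.example\Z")


def stored_form(login: str, width: int = LOGIN_MAX) -> str:
    """Value a column of this width keeps when the database truncates silently."""
    return login[:width]


def group_granted(login: str) -> bool:
    """Email-based permission: membership decided by the address's domain."""
    return bool(TRUSTED_DOMAIN.search(login))


def audit(requested: str) -> dict:
    """Compare the address that was verified with the one that gets stored."""
    stored = stored_form(requested)
    return {
        "truncated": stored != requested,
        "granted_on_requested": group_granted(requested),
        "granted_on_stored": group_granted(stored),
    }


def validate_login(login: str, width: int = LOGIN_MAX) -> str:
    """Application-side guard: refuse anything the column would alter."""
    if len(login) > width:
        raise ValueError(f"login name is {len(login)} characters, limit is {width}")
    return login


# Constructed regression input: 127 characters end exactly at "@corp.example",
# followed by a suffix that makes the verified address belong to another domain.
PAD = "a" * (LOGIN_MAX - len("@corp.example"))
OVERLONG = PAD + "@corp.example" + ".mail.test"

if __name__ == "__main__":
    print(audit(OVERLONG))
    try:
        validate_login(OVERLONG)
    except ValueError as err:
        print("rejected:", err)
```

The audit shows the permission decision changing between the requested and the stored value, which is why the length check has to run before the address is verified or written.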
