CVE-2008-2104

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
07/05/2008
Last modified:
09/04/2025

Description

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*