Unknown
CVE-2008-2105
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- bugzilla 2.10,
- bugzilla 2.12,
- bugzilla 2.14,
- bugzilla 2.14.1,
- bugzilla 2.14.2,
- bugzilla 2.14.3,
- bugzilla 2.14.4,
- bugzilla 2.14.5,
- bugzilla 2.16,
- bugzilla 2.16 rc2,
- bugzilla 2.16.1,
- bugzilla 2.16.10,
- bugzilla 2.16.11,
- bugzilla 2.16.2,
- bugzilla 2.16.3,
- bugzilla 2.16.4,
- bugzilla 2.16.5,
- bugzilla 2.16.6,
- bugzilla 2.16.7,
- bugzilla 2.16.8,
- bugzilla 2.16.9,
- bugzilla 2.17.1,
- bugzilla 2.17.2,
- bugzilla 2.17.3,
- bugzilla 2.17.4,
- bugzilla 2.17.5,
- bugzilla 2.17.6,
- bugzilla 2.17.7,
- bugzilla 2.18,
- bugzilla 2.18.1,
- bugzilla 2.18.2,
- bugzilla 2.18.3,
- bugzilla 2.18.4,
- bugzilla 2.18.5,
- bugzilla 2.18.6,
- bugzilla 2.19.1,
- bugzilla 2.19.2,
- bugzilla 2.19.3,
- bugzilla 2.20,
- bugzilla 2.20.1,
- bugzilla 2.20.2,
- bugzilla 2.20.3,
- bugzilla 2.20.4,
- bugzilla 2.20.5,
- bugzilla 2.20.6,
- bugzilla 2.21.1,
- bugzilla 2.21.2,
- bugzilla 2.22,
- bugzilla 2.22.1,
- bugzilla 2.22.2,
- bugzilla 2.22.3,
- bugzilla 2.22.4,
- bugzilla 2.23,
- bugzilla 2.23.1,
- bugzilla 2.23.2,
- bugzilla 2.23.3,
- bugzilla 2.23.4,
- bugzilla 2.4,
- bugzilla 2.6,
- bugzilla 2.8,
- bugzilla 3.0.0,
- bugzilla 3.0.1,
- bugzilla 3.0.2,
- bugzilla 3.1.0,
- bugzilla 3.1.1,
- bugzilla 3.1.2
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
