CVE-2011-2978 in Bugzillainfo

Summary

Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

08/01/2011

Disclosure

08/09/2011

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

4.3

EPSS

0.00651

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2978
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2978
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2978/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!