CVE-2011-3667 in Bugzilla

Summary

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.

Reservation

09/23/2011

Disclosure

01/02/2012

Entries

1

CPE

ready

CVSS

7.3

EPSS

0.00465

CTI

0.00

Sources
