Bugzilla XSS Vulnerability (CVE-2014-1573)
Release date: 2014-10-09
Updated on: 2014-10-09
Affected Systems:
Bugzilla 4.5.1-4.5.5
Bugzilla 4.3.1-4.4.5
Bugzilla 4.1.1-4.2.10
Bugzilla 2.17.1-4.0.14
Unaffected Systems:
Bugzilla 4.5.6
Bugzilla 4.4.6
Bugzilla 4.2.11
Bugzilla 4.0.15
Description:
CVE (CAN) ID: CVE-2014-1573
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, fixing, and closing defects. It is widely used in open-source projects, such as the Apache Software Foundation, the Linux kernel, LibreOffice, OpenOffice, OpenSSH, Eclipse, KDE, GNOME, and various Linux distributions.
Bugzilla has a cross-site scripting vulnerability in the code library audit implementation, allowing attackers to obtain sensitive information.
<* Source: Check Point Software Technologies
Simon Green
Byron Jones
James Kettle
Netanel Rubin
Frederic Buclin
Matt Tyson
David Lawrence
Link: http://www.bugzilla.org/security/4.0.14/
*>
Suggestion:
Vendor patch:
Bugzilla
--------
Bugzilla has released a security advisory (4.0.14) and corresponding patches for this issue:
4.0.14: 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory
Link: http://www.bugzilla.org/security/4.0.14/
Patch download: http://www.bugzilla.org/download/
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
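The affected and unaffected version lists above, turned into an inventory check that reports which installations fall inside an affected range and the first fixed release for that branch. This is an added example, not part of the original advisory or of Bugzilla itself; the host names and the inventory format are constructed assumptions, and the version ranges are copied from the lists above.

```python
import re

# Affected ranges and fixed releases, transcribed from the advisory's lists.
# Each entry: (first affected, last affected, first fixed release).
AFFECTED = [
    ((2, 17, 1), (4, 0, 14), "4.0.15"),
    ((4, 1, 1), (4, 2, 10), "4.2.11"),
    ((4, 3, 1), (4, 4, 5), "4.4.6"),
    ((4, 5, 1), (4, 5, 5), "4.5.6"),
]

def parse_version(text):
    """Return (major, minor, patch) from strings like '4.4.5' or 'Bugzilla 4.2.10+'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def check(version_text):
    """Return (status, first_fixed_release_or_None) for one reported version."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return "affected", fixed
    # Versions outside the listed ranges are reported as such, not as "safe".
    return "not listed as affected", None

def audit(inventory):
    """Map each host in {host: version string} to its check() result."""
    results = {}
    for host, ver in inventory.items():
        try:
            results[host] = check(ver)
        except ValueError:
            results[host] = ("unknown version", None)
    return results

if __name__ == "__main__":
    # Constructed inventory; host names are placeholders (assumption).
    sample = {
        "bugs.example.internal": "4.4.5",
        "qa-tracker.example.internal": "Bugzilla 4.2.11",
        "legacy.example.internal": "3.6.13",
        "dev.example.internal": "unknown",
    }
    for host, (status, fixed) in audit(sample).items():
        print(f"{host}: {status}" + (f", fixed in {fixed}" if fixed else ""))
```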