Vulnerability Name: | CVE-2014-8630 (CCN-102681) |
Assigned: | 2014-11-06 |
Published: | 2015-01-21 |
Updated: | 2017-01-03 |
Summary: | Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
|
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): Single_Instance |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
|
Vulnerability Type: | CWE-77
|
Vulnerability Consequences: | Gain Access |
References: | Source: CONFIRM Type: UNKNOWN http://advisories.mageia.org/MGASA-2015-0048.html
Source: MITRE Type: CNA CVE-2014-8630
Source: FEDORA Type: Third Party Advisory FEDORA-2015-1713
Source: FEDORA Type: Third Party Advisory FEDORA-2015-1699
Source: CONFIRM Type: Issue Tracking, Patch, Vendor Advisory http://www.bugzilla.org/security/4.0.15/
Source: MANDRIVA Type: UNKNOWN MDVSA-2015:030
Source: CCN Type: BID-72525 Bugzilla CVE-2014-8630 Command Injection Vulnerability
Source: CONFIRM Type: Issue Tracking, Vendor Advisory https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
Source: XF Type: UNKNOWN bugzilla-cve20148630-command-exec(102681)
Source: GENTOO Type: UNKNOWN GLSA-201607-11
Source: CCN Type: Bugzilla Security Advisory 5.0rc1, 4.4.6, 4.2.11, and 4.0.15 Security Advisory
Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-8630
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:mozilla:bugzilla:*:*:*:*:*:*:*:* (Version <= 4.0.16)
OR cpe:/a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.10:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2.11:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4:rc1:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4:rc2:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5.6:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:fedoraproject:fedora:20:*:*:*:*:*:*:*
OR cpe:/o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:bugzilla:4.4:-:*:*:*:*:*:* |