Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Bugzilla Quip操控绕过安全限制漏洞
Vulnerability Description
Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。 Bugzilla的bug列表顶部显示一个Quip状态,所有用户都可以推荐Quip状态,但只有管理员才可以控制显示哪个状态。 quips.cgi中的代码如果得到了action=approve的话,就会认为用户希望禁用所有的quip,但没有检查用户身份,这允许非特权用户通过提交恶意的URL绕过访问检查批准或否决quip的状态。
CVSS Information
N/A
Vulnerability Type
N/A