N/A

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

N/A

N/A

Bugzilla 权限许可和访问控制漏洞

Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统，它可管理软件开发中缺陷的提交（new）、修复（resolve）、关闭（close）等整个生命周期。 Bugzilla中的token.cgi文件的account-creation功能中‘confirm_create_account’函数存在安全漏洞，该漏洞源于程序没有为‘realname’参数指定标量环境。远程攻击者可利用该漏洞使用未经验证的邮件地址创建账户。以下版本受到影响：Bugzilla 2.x版本至4.0.15之前4.0.x版本

N/A

N/A