'Moderately Critical' Bugzilla Bugs SquashedBy Ryan Naraine | Posted 2006-10-16 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Flaws in the open-source bug-tracking tool puts users at risk of cross-site scripting, script injection and data manipulation attacks.
Multiple security flaws in Bugzilla could put users of the software defect tracking software at risk of cross-site scripting, data manipulation and data exposure attacks.
According to a warning from the open-source Bugzilla project, users should immediately upgrade to versions 2.18.6, 2.20.3, 2.22.1 or 2.23.3 to minimize the risk of malicious attacks.
Security alerts aggregator Secunia rates the vulnerabilities as "moderately critical."
The most serious vulnerability occurs because Bugzilla does not properly sanitize various fields when embedded in certain HTML headline tags.
"This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site," Secunia warned.
A second error that happens when attachments in "diff" mode are viewed could let unauthenticated users read the descriptions of all attachments.
Additionally, when exporting bugs to the XML format, the "deadline" field is also visible for users, who are not members of the "timetrackinggroup" group. This can be exploited to gain knowledge of potentially sensitive information, the company explained.
Unpatched versions of Bugzilla also allow users to perform certain sensitive actions via HTTP GET and POST requests without verifying the user's request properly. This can be exploited to modify, delete or create bugs.
Bugzilla is a free, Web-based tool used by software developers to track code bugs and defects. It was originally developed by the Mozilla Foundation and is widely used in the open-source community.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.