[HACK] Bugzilla CVE-2015-4499: All Your Bugs Are Belong To Us


SUBMITTED BY: m3535wewe

DATE: Sept. 28, 2015, 6:16 p.m.


Bugzilla is a very popular open-source bug tracking software used by many companies and public entities, including many of the largest open-source projects. It allows an organization to track all outstanding bugs in its products, and enables developers to conveniently document and communicate information on any bug or security threat they have found or fixed in the product.

The discovered vulnerability allows an attacker to obtain permissions on a Bugzilla service they would not otherwise receive. This is achieved by tricking the system into believing that the attacker belongs to a privileged domain, causing the system to grant that domain's permissions.

This vulnerability has been tested and found working on Bugzilla.mozilla.org, the Mozilla Foundation's Bugzilla instance. Upon successful exploitation of the vulnerability we were granted permissions that would have potentially allowed us to view confidential data (see screen capture below). The vulnerability was assigned CVE-2015-4499, and at the time of disclosure all Bugzilla versions were vulnerable, going back to version 2.0.

If you are using email-based permissions in your Bugzilla deployment and have not yet installed a patched version, take it down until patched. Make sure to go over the logs and user list to identify users that were created using this vulnerability. This vulnerability is extremely easy to exploit, and the details have been known for more than a week: you have been or will be attacked!

m3535wewe ;$

------------------------------------------------------------------------------------------

Full article: https://blog.perimeterx.com/bugzilla-cve-2015-4499/
