CVE-2014-8630

EPSS 0.63%
Veröffentlicht 01.02.2015 15:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Bugzilla Version <= 4.0.16

Mozilla ≫ Bugzilla Version4.1

Mozilla ≫ Bugzilla Version4.1.1

Mozilla ≫ Bugzilla Version4.1.2

Mozilla ≫ Bugzilla Version4.1.3

Mozilla ≫ Bugzilla Version4.2

Mozilla ≫ Bugzilla Version4.2 Updaterc1

Mozilla ≫ Bugzilla Version4.2 Updaterc2

Mozilla ≫ Bugzilla Version4.2.1

Mozilla ≫ Bugzilla Version4.2.2

Mozilla ≫ Bugzilla Version4.2.3

Mozilla ≫ Bugzilla Version4.2.4

Mozilla ≫ Bugzilla Version4.2.5

Mozilla ≫ Bugzilla Version4.2.6

Mozilla ≫ Bugzilla Version4.2.7

Mozilla ≫ Bugzilla Version4.2.8

Mozilla ≫ Bugzilla Version4.2.9

Mozilla ≫ Bugzilla Version4.2.10

Mozilla ≫ Bugzilla Version4.2.11

Mozilla ≫ Bugzilla Version4.3

Mozilla ≫ Bugzilla Version4.3.1

Mozilla ≫ Bugzilla Version4.3.2

Mozilla ≫ Bugzilla Version4.3.3

Mozilla ≫ Bugzilla Version4.4

Mozilla ≫ Bugzilla Version4.4 Updaterc1

Mozilla ≫ Bugzilla Version4.4 Updaterc2

Mozilla ≫ Bugzilla Version4.4.1

Mozilla ≫ Bugzilla Version4.4.2

Mozilla ≫ Bugzilla Version4.4.3

Mozilla ≫ Bugzilla Version4.4.4

Mozilla ≫ Bugzilla Version4.4.5

Mozilla ≫ Bugzilla Version4.4.6

Mozilla ≫ Bugzilla Version4.5

Mozilla ≫ Bugzilla Version4.5.1

Mozilla ≫ Bugzilla Version4.5.2

Mozilla ≫ Bugzilla Version4.5.3

Mozilla ≫ Bugzilla Version4.5.4

Mozilla ≫ Bugzilla Version4.5.5

Mozilla ≫ Bugzilla Version4.5.6

Fedoraproject ≫ Fedora Version20

Fedoraproject ≫ Fedora Version21

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.696

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://security.gentoo.org/glsa/201607-11

http://advisories.mageia.org/MGASA-2015-0048.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.html

Third Party Advisory

http://www.bugzilla.org/security/4.0.15/

Patch

Vendor Advisory

Issue Tracking

http://www.mandriva.com/security/advisories?name=MDVSA-2015:030

https://bugzilla.mozilla.org/show_bug.cgi?id=1079065