Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.
9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69
Bugzilla Security Advisory - Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.
0d0e7c27532f6562403faf6ddb1249c6fce16ba6525feadfe7c92217191a6748
Bugzilla Security Advisory - Bugzilla versions 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, and 4.5.1 to 4.5.4 suffer from a cross site request forgery vulnerability.
cd0337a3196b87e65a4382c3d46665e5a07957324bbe8fa092ed144b51893ab0
Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.
e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5b
Bugzilla Security Advisory - When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default and users can view the source code of templates used by the extensions. These templates may contain sensitive data.
a5d9eb97d8ed5caaa5684888b740b5cecb254605b98dce901b0bd2362f639636
Bugzilla Security Advisory - Bugzilla versions 4.1.1 to 4.2.1, 4.3.1 suffer from a permission trust vulnerability. Bugzilla versions 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 leak the description of a private attachment.
ccbe41f39c39d46f4dd678d5b50b50f6b23d74222a0aadab053e8ce5c1e2b4db
Bugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an authorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.
cd5bcb16d9fc77f836d09c3e0255fb95fd2cfe29cc6147822f65c77d60475b15