CVE-2011-3667
N/A
N/A
Summary
The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html
- http://www.bugzilla.org/security/3.4.12/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72042
- https://bugzilla.mozilla.org/show_bug.cgi?id=711714
References
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html
- http://www.bugzilla.org/security/3.4.12/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72042
- https://bugzilla.mozilla.org/show_bug.cgi?id=711714
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.