CVE-2014-8630
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
Bugzilla anterior a 4.0.16, 4.1.x y 4.2.x anterior a 4.2.12, 4.3.x y 4.4.x anterior a 4.4.7, y 5.x anterior a 5.0rc1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios mediante el aprovechamiento del privilegio editcomponents y la provocaciĆ³n de entradas manipuladas en una llamada abierta de doble argumento Perl, tal y como fue demostrado mediante megacaracteres de shell en el nombre de un producto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-06 CVE Reserved
- 2015-02-01 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://advisories.mageia.org/MGASA-2015-0048.html | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.bugzilla.org/security/4.0.15 | 2017-01-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | <= 4.0.16 Search vendor "Mozilla" for product "Bugzilla" and version " <= 4.0.16" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.1 Search vendor "Mozilla" for product "Bugzilla" and version "4.1" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.1.1 Search vendor "Mozilla" for product "Bugzilla" and version "4.1.1" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.1.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.1.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.1.3 Search vendor "Mozilla" for product "Bugzilla" and version "4.1.3" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.2" | rc1 |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.2" | rc2 |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.1 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.1" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.3 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.3" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.4 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.4" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.5 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.5" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.6 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.6" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.7 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.7" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.8 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.8" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.9 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.9" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.10 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.10" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.2.11 Search vendor "Mozilla" for product "Bugzilla" and version "4.2.11" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.3 Search vendor "Mozilla" for product "Bugzilla" and version "4.3" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.3.1 Search vendor "Mozilla" for product "Bugzilla" and version "4.3.1" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.3.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.3.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.3.3 Search vendor "Mozilla" for product "Bugzilla" and version "4.3.3" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4 Search vendor "Mozilla" for product "Bugzilla" and version "4.4" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4 Search vendor "Mozilla" for product "Bugzilla" and version "4.4" | rc1 |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4 Search vendor "Mozilla" for product "Bugzilla" and version "4.4" | rc2 |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4.1 Search vendor "Mozilla" for product "Bugzilla" and version "4.4.1" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.4.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4.3 Search vendor "Mozilla" for product "Bugzilla" and version "4.4.3" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4.4 Search vendor "Mozilla" for product "Bugzilla" and version "4.4.4" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4.5 Search vendor "Mozilla" for product "Bugzilla" and version "4.4.5" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.4.6 Search vendor "Mozilla" for product "Bugzilla" and version "4.4.6" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5 Search vendor "Mozilla" for product "Bugzilla" and version "4.5" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5.1 Search vendor "Mozilla" for product "Bugzilla" and version "4.5.1" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5.2 Search vendor "Mozilla" for product "Bugzilla" and version "4.5.2" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5.3 Search vendor "Mozilla" for product "Bugzilla" and version "4.5.3" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5.4 Search vendor "Mozilla" for product "Bugzilla" and version "4.5.4" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5.5 Search vendor "Mozilla" for product "Bugzilla" and version "4.5.5" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Bugzilla Search vendor "Mozilla" for product "Bugzilla" | 4.5.6 Search vendor "Mozilla" for product "Bugzilla" and version "4.5.6" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 20 Search vendor "Fedoraproject" for product "Fedora" and version "20" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 21 Search vendor "Fedoraproject" for product "Fedora" and version "21" | - |
Affected
|