CVE-2014-8630 — MEDIUM (6.5)

Q: How severe is CVE-2014-8630?

CVE-2014-8630 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-8630?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla, Fedoraproject Fedora.

Vulnerability Description

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Bugzilla	<= 4.0.16
Fedoraproject	Fedora	20

Related Weaknesses (CWE)

CWE-77

References

http://advisories.mageia.org/MGASA-2015-0048.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.hThird Party Advisory
http://www.bugzilla.org/security/4.0.15/Issue TrackingPatchVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:030
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065Issue TrackingVendor Advisory
https://security.gentoo.org/glsa/201607-11
http://advisories.mageia.org/MGASA-2015-0048.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.hThird Party Advisory
http://www.bugzilla.org/security/4.0.15/Issue TrackingPatchVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:030
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065Issue TrackingVendor Advisory
https://security.gentoo.org/glsa/201607-11

FAQ

What is CVE-2014-8630?

CVE-2014-8630 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcompone...

How severe is CVE-2014-8630?

CVE-2014-8630 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8630?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla, Fedoraproject Fedora.