CVE-2014-8630

{"id": "CVE-2014-8630", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-01T15:59:04.353", "references": [{"url": "http://advisories.mageia.org/MGASA-2015-0048.html", "source": "security@mozilla.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.bugzilla.org/security/4.0.15/", "tags": ["Patch", "Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:030", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079065", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201607-11", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name."}, {"lang": "es", "value": "Bugzilla anterior a 4.0.16, 4.1.x y 4.2.x anterior a 4.2.12, 4.3.x y 4.4.x anterior a 4.4.7, y 5.x anterior a 5.0rc1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios mediante el aprovechamiento del privilegio editcomponents y la provocaci\u00f3n de entradas manipuladas en una llamada abierta de doble argumento Perl, tal y como fue demostrado mediante megacaracteres de shell en el nombre de un producto."}], "lastModified": "2017-01-03T02:59:20.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A5B0526-E225-4A59-9396-01D73DE030E7", "versionEndIncluding": "4.0.16"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CDC579-6967-4E5C-B716-B2BC04F6DBF2"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27783033-F558-427C-89A7-C3638C57F2A0"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91557C7-8C53-49C4-8BC5-7F86D4AA09B8"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50448355-F1D3-48AB-AED0-5FE027D7C199"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CE9B4E3-8044-4305-A517-E695D0831355"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDA28D1-5B26-4FBA-B685-C230569AF024"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F61B90BF-3548-4D3A-BF70-A9DC96C11775"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD204F45-15FE-4677-BC4C-A53F322A3B15"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22FAFCDF-C615-4958-9C6D-E74EC11E9A62"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D623AEB-622E-470E-898C-A447F9C4066A"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9019921A-B8D2-4774-AB6B-673FC2FD2197"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DC1A059-DDE4-4442-BD90-20AB3CE0E1CC"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4801DB4A-F828-4E95-8619-F909D5D39524"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E0D48CD-C77A-4D86-B091-2B8DF3ADA6D7"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "956C5C97-E7A8-49F2-8AC6-9570A5948395"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "281A3D1A-1F92-454D-AE09-522114FF9D8D"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "717B879A-EDEA-4917-A75E-2C40BB8D35D7"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F874FD21-1D5D-4F0F-BEE1-93229AA3E8A6"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F119CA93-4D32-4852-90AD-A23215D6CBAC"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CA9A1C4-412D-4EED-8259-04F48322238B"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27847E43-22AD-468D-8E64-8D56EA8CBE50"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DBB66FA-6E99-4F08-A223-6070E193B869"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D00AE646-61CC-4036-8B8F-35B818530BFC"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF326273-99CF-40C3-B112-F5F18C94978F"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECED66BE-C877-4250-AC7A-FAEAD9DAAC31"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FFFD96D-D0B5-47BB-91D9-3736E343711E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D710732-6D93-4143-874F-81B19F70FBEF"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD56846F-40B5-4A45-99DB-44C56E3A20A3"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32C22A06-5F01-4C6A-886F-E3C0776C3C5B"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6457398E-A1C9-4F72-BBF7-FC54118FA91C"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FF50AB-7156-4828-A6B5-6E7AF5152561"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA8C43E-AD0C-45F7-BC20-61358C7F23EA"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E86608A6-8B14-4D27-A86B-1DD10E1F7825"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F176CD-2EE5-4C7D-A376-4EA8918610C3"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD5F23A-33EC-4D8A-B39D-972A048DAB0A"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1F3C39E-50A1-4005-AC0B-097A1FA6E1C2"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A322B9-DA3A-448C-BD61-3E67A98AC74E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "482DEB13-B194-4D5E-9C5A-E1502108741C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}