Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2104 to the following vulnerability: The WebService in Bugzilla before 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. Fixed in: 3.1.4 Refences: http://www.bugzilla.org/security/2.20.5/ https://bugzilla.mozilla.org/show_bug.cgi?id=415471 http://www.securityfocus.com/bid/29038 http://www.frsirt.com/english/advisories/2008/1428/references http://www.securitytracker.com/id?1019968 http://secunia.com/advisories/30064 http://xforce.iss.net/xforce/xfdb/42218
According to upstream report, this only affects Bugzilla 3.1.3. Fedora currently only ships Bugzilla 3.0.3.