Name: CVE-2008-6098 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6098 Assigned: 20090209 Reference: CONFIRM: http://www.bugzilla.org/security/2.20.6/ Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=449931 Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
Created bugzilla tracking bugs for this issue CVE-2008-6098 Affects: F10 [bug #484756] CVE-2008-6098 Affects: F9 [bug #484757] CVE-2008-6098 Affects: Fdevel [bug #484758]
bugzilla-3.2.2-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc9
bugzilla-3.2.2-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc10
Fixed via: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2417 https://admin.fedoraproject.org/updates/F9/FEDORA-2009-2418
bugzilla-3.2.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.2.2-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.