CVE-2011-3667 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-3667 Interim 1 3 2021-06-09T09:04:39Z current 2021-05-30T13:00:04Z 2021-06-09T09:04:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-3667 The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message. CVE-2011-3667 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P