CVE Vulnerabilities

CVE-2003-0012

Published: Jan 17, 2003 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.14 2.14
Bugzilla Mozilla 2.14.1 2.14.1
Bugzilla Mozilla 2.14.2 2.14.2
Bugzilla Mozilla 2.14.3 2.14.3
Bugzilla Mozilla 2.14.4 2.14.4
Bugzilla Mozilla 2.16 2.16
Bugzilla Mozilla 2.16.1 2.16.1
Bugzilla Mozilla 2.17 2.17
Bugzilla Mozilla 2.17.1 2.17.1

References