CVE Vulnerabilities

CVE-2003-1046

Published: Aug 18, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.4 2.4
Bugzilla Mozilla 2.6 2.6
Bugzilla Mozilla 2.8 2.8
Bugzilla Mozilla 2.10 2.10
Bugzilla Mozilla 2.12 2.12
Bugzilla Mozilla 2.14 2.14
Bugzilla Mozilla 2.14.1 2.14.1
Bugzilla Mozilla 2.14.2 2.14.2
Bugzilla Mozilla 2.14.3 2.14.3
Bugzilla Mozilla 2.14.4 2.14.4
Bugzilla Mozilla 2.14.5 2.14.5
Bugzilla Mozilla 2.16 2.16
Bugzilla Mozilla 2.16.1 2.16.1
Bugzilla Mozilla 2.16.2 2.16.2
Bugzilla Mozilla 2.16.3 2.16.3
Bugzilla Mozilla 2.17.1 2.17.1
Bugzilla Mozilla 2.17.3 2.17.3
Bugzilla Mozilla 2.17.4 2.17.4

References