CVE-2003-1046

high

Description

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/13602

http://www.securityfocus.com/bid/8953

http://www.securityfocus.com/archive/1/343185

http://bugzilla.mozilla.org/show_bug.cgi?id=209742

Details

Source: Mitre, NVD

Published: 2004-08-18

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

Detections

Analytics