CVE-2005-2174

medium

Description

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=293159

http://www.bugzilla.org/security/2.18.1/

http://securitytracker.com/id?1014428

Details

Source: Mitre, NVD

Published: 2005-07-08

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium