CVE-2002-1196

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1196

bugzilla

security vulnerability

usebuggroups

perl

math

permissions

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the “usebuggroups” feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Affected configurations

NVD

Node

mozillabugzillaMatch2.14

mozillabugzillaMatch2.14.1

mozillabugzillaMatch2.14.2

mozillabugzillaMatch2.14.3

mozillabugzillaMatch2.16

CPENameOperatorVersion
mozilla:bugzillamozilla bugzillaeq2.14
mozilla:bugzillamozilla bugzillaeq2.14.1
mozilla:bugzillamozilla bugzillaeq2.14.2
mozilla:bugzillamozilla bugzillaeq2.14.3
mozilla:bugzillamozilla bugzillaeq2.16

CPE	Name	Operator	Version
mozilla:bugzilla	mozilla bugzilla	eq	2.14
mozilla:bugzilla	mozilla bugzilla	eq	2.14.1
mozilla:bugzilla	mozilla bugzilla	eq	2.14.2
mozilla:bugzilla	mozilla bugzilla	eq	2.14.3
mozilla:bugzilla	mozilla bugzilla	eq	2.16