CVE-2003-1046

2004-06-0304:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

References

bugzilla.mozilla.org/show_bug.cgi?id=209742

www.securityfocus.com/archive/1/343185

www.securityfocus.com/bid/8953

exchange.xforce.ibmcloud.com/vulnerabilities/13602