Bugzilla Security Vulnerabilities and Issues — Bugzilla CVE List

Lucene search

MozillaBugzilla

10 matches found

CVE•added 2003/04/02 5:0 a.m.•48 views

CVE-2001-1407

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

7.5CVSS7AI score0.00489EPSS

CVE•added 2003/04/02 5:0 a.m.•47 views

CVE-2001-1406

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

2.1CVSS6.8AI score0.00115EPSS

CVE•added 2003/04/02 5:0 a.m.•41 views

CVE-2002-0808

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

7.5CVSS6.6AI score0.00455EPSS

CVE•added 2003/04/02 5:0 a.m.•40 views

CVE-2002-0011

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.

5CVSS7AI score0.00926EPSS

CVE•added 2003/04/02 5:0 a.m.•40 views

CVE-2002-0810

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

5CVSS6.5AI score0.00862EPSS

CVE•added 2003/04/02 5:0 a.m.•39 views

CVE-2002-0009

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.

5CVSS6.9AI score0.00862EPSS

CVE•added 2003/04/02 5:0 a.m.•39 views

CVE-2002-0804

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

7.5CVSS6.8AI score0.00552EPSS

CVE•added 2003/04/02 5:0 a.m.•38 views

CVE-2002-0805

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

4.6CVSS6.5AI score0.00075EPSS

CVE•added 2003/04/02 5:0 a.m.•37 views

CVE-2002-0809

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encode...

7.5CVSS6.6AI score0.00455EPSS

CVE•added 2003/04/02 5:0 a.m.•35 views

CVE-2002-0806

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

2.1CVSS6.4AI score0.00131EPSS