7.5

CVE-2002-1196

EPSS 0.43%
Veröffentlicht 28.10.2002 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Bugzilla Version2.14

Mozilla ≫ Bugzilla Version2.14.1

Mozilla ≫ Bugzilla Version2.14.2

Mozilla ≫ Bugzilla Version2.14.3

Mozilla ≫ Bugzilla Version2.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12

http://marc.info/?l=bugtraq&m=103349804226566&w=2

http://www.debian.org/security/2002/dsa-173

Patch

Vendor Advisory

http://www.iss.net/security_center/static/10233.php

Vendor Advisory

http://www.securityfocus.com/bid/5843

https://nvd.nist.gov/vuln/detail/CVE-2002-1196

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1196

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1196

EUVD