7.5

CVE-2003-1044

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.4
MozillaBugzilla Version2.6
MozillaBugzilla Version2.8
MozillaBugzilla Version2.10
MozillaBugzilla Version2.12
MozillaBugzilla Version2.14
MozillaBugzilla Version2.14.1
MozillaBugzilla Version2.14.2
MozillaBugzilla Version2.14.3
MozillaBugzilla Version2.14.4
MozillaBugzilla Version2.14.5
MozillaBugzilla Version2.16
MozillaBugzilla Version2.16.1
MozillaBugzilla Version2.16.2
MozillaBugzilla Version2.16.3
MozillaBugzilla Version2.17.1
MozillaBugzilla Version2.17.3
MozillaBugzilla Version2.17.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.16% 0.629
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
http://www.securityfocus.com/archive/1/343185
http://www.securityfocus.com/bid/8953
Patch
Vendor Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=219690
https://exchange.xforce.ibmcloud.com/vulnerabilities/13597