5

CVE-2004-1634

show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.4
MozillaBugzilla Version2.6
MozillaBugzilla Version2.8
MozillaBugzilla Version2.10
MozillaBugzilla Version2.12
MozillaBugzilla Version2.14
MozillaBugzilla Version2.14.1
MozillaBugzilla Version2.14.2
MozillaBugzilla Version2.14.3
MozillaBugzilla Version2.14.4
MozillaBugzilla Version2.14.5
MozillaBugzilla Version2.16
MozillaBugzilla Version2.16.1
MozillaBugzilla Version2.16.2
MozillaBugzilla Version2.16.3
MozillaBugzilla Version2.16.4
MozillaBugzilla Version2.16.5
MozillaBugzilla Version2.17
MozillaBugzilla Version2.17.1
MozillaBugzilla Version2.17.3
MozillaBugzilla Version2.17.4
MozillaBugzilla Version2.17.5
MozillaBugzilla Version2.17.6
MozillaBugzilla Version2.17.7
MozillaBugzilla Version2.18 Updaterc1
MozillaBugzilla Version2.18 Updaterc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.601
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N