CVE-2001-1401 Information

Description

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=39524
http://bugzilla.mozilla.org/show_bug.cgi?id=39526
http://bugzilla.mozilla.org/show_bug.cgi?id=39527
http://bugzilla.mozilla.org/show_bug.cgi?id=39531
http://bugzilla.mozilla.org/show_bug.cgi?id=39533
http://bugzilla.mozilla.org/show_bug.cgi?id=70189
http://bugzilla.mozilla.org/show_bug.cgi?id=82781
http://marc.info/?l=bugtraq&m=99912899900567
http://www.redhat.com/support/errata/RHSA-2001-107.html
