Mozilla · Bugzilla · CVE-2003-1046
**Name of the Vulnerable Software and Affected Versions**
Bugzilla versions 2.17.3 through 2.17.4
**Description**
The issue concerns improper verification of group membership in Bugzilla when bug entry groups are used. This allows remote attackers to list component descriptions for products that are otherwise restricted.
**Recommendations**
For Bugzilla versions 2.17.3 and 2.17.4, consider restricting access to the describecomponents.cgi component until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.