PT-2001-2500 · Mozilla · Bugzilla

Published: 2001-09-10 · Updated: 2016-10-18 · CVE-2001-1401

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Bugzilla versions prior to 2.14

Description

The issue allows Bugzilla users to bypass viewing permissions for confidential bugs by modifying bug id parameters in various API endpoints, including "process_bug.cgi", "show_activity.cgi", "showvotes.cgi", "showdependencytree.cgi", "showdependencygraph.cgi", "showattachment.cgi", and "describecomponents.cgi".

Recommendations

For versions prior to 2.14, update to version 2.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the aforementioned API endpoints to minimize the risk of exploitation. Avoid using modified bug id parameters in these endpoints until the issue is resolved.

Fix


Related Identifiers

CVE-2001-1401

Affected Products

Bugzilla