PT-2001-2505 · Mozilla · Bugzilla

Published

2001-09-10

Updated

2016-10-18

CVE-2001-1406

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bugzilla versions prior to 2.14

Description The issue arises from the process bug.cgi script in Bugzilla, which fails to update the group settings when a bug is moved between product groups. This results in the bug retaining the old group's restrictions, potentially leading to less stringent access controls.

Recommendations For versions prior to 2.14, update to version 2.14 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1406

Affected Products

Bugzilla

PT-2001-2505 · Mozilla · Bugzilla

CVE-2001-1406

Related Identifiers

Affected Products

References · 6