CVE-2003-1045

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.16.3 and earlier, 2.17.1 through 2.17.4

Description The issue allows remote attackers to read a user's voting page when that user has voted on a restricted bug. This is achieved by modifying the who parameter in the votes.cgi script, potentially exposing sensitive voting information.

Recommendations For Bugzilla versions 2.16.3 and earlier, update to a version later than 2.16.3 to resolve the issue. For Bugzilla versions 2.17.1 through 2.17.4, update to a version later than 2.17.4 to resolve the issue. As a temporary workaround, consider restricting access to the votes.cgi script until a patch is available.