CVE-2003-1046

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.17.3 through 2.17.4

Description The issue concerns improper verification of group membership in Bugzilla when bug entry groups are used. This allows remote attackers to list component descriptions for products that are otherwise restricted.

Recommendations For Bugzilla versions 2.17.3 and 2.17.4, consider restricting access to the describecomponents.cgi component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.