CVE-2004-1635

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.17.1 through 2.18rc2 Bugzilla version 2.19 from cvs

Description The issue affects the insidergroup feature, where private attachments are not sufficiently protected when there are changes to metadata, such as filename, description, MIME type, or review flags. This allows remote authenticated users to obtain sensitive information when viewing the bug activity log or receiving bug change notification mails.

Recommendations For Bugzilla versions 2.17.1 through 2.18rc2, consider restricting access to the bug activity log and bug change notification mails to minimize the risk of exploitation. For Bugzilla version 2.19 from cvs, consider restricting access to the bug activity log and bug change notification mails to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.