PT-2005-3104 · Oracle+1 · Mysql Server+1
Frédéric Buclin
·
Published
2005-07-08
·
Updated
2008-09-05
·
CVE-2005-2174
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Bugzilla versions 2.17.x through 2.20 before 2.20rc1, 2.18 before 2.18.2, 2.19.x
Description:
The issue introduces a race condition by inserting a bug into the database before it is marked private. This allows attackers to access information about the bug via "buglist.cgi" before MySQL replication is complete.
Recommendations:
For versions 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1, update to version 2.18.2 or 2.20rc1 or later to resolve the issue.
For version 2.20 before 2.20rc1, update to version 2.20rc1 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Bugzilla
Mysql Server