Vulnerabilities > CVE-2001-1407 - Unspecified vulnerability in Mozilla Bugzilla

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mozilla

NVD

Published: 2001-09-10

Updated: 2016-10-18

Summary

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Bugzilla 2.4 Mozilla Bugzilla 2.6 Mozilla Bugzilla 2.8 Mozilla Bugzilla 2.10 Mozilla Bugzilla 2.12 Mozilla Bugzilla 2.14	6

Redhat

advisories

rhsa

id	RHSA-2001:107

References

http://bugzilla.mozilla.org/show_bug.cgi?id=96085
http://marc.info/?l=bugtraq&m=99912899900567
http://www.iss.net/security_center/static/10479.php
http://www.redhat.com/support/errata/RHSA-2001-107.html