Vulnerabilities > CVE-2002-0808 - Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
| NASL family | CGI abuses |
| NASL id | BUGZILLA_VULNS.NASL |
| description | According to its version number, the remote Bugzilla bug tracking system is vulnerable to various flaws, including SQL injection, cross-site scripting, and arbitrary command execution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11463 |
| published | 2003-03-24 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11463 |
| title | Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe) |
Redhat
| advisories |
|