CVE-2001-1401
published 2001-09-10CVE-2001-1401: Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | bugzilla | — | — |
| mozilla | bugzilla | — | — |
| mozilla | bugzilla | — | — |
| mozilla | bugzilla | — | — |
| mozilla | bugzilla | — | — |
| mozilla | bugzilla | — | — |