CVE-2002-0008 β€” Mozilla Bugzilla vulnerability

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.1%
top 15.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedJan 31
Latest updateApr 30

Description

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

β–ΆNVDmozilla/bugzilla2.14.1

πŸ”΄Vulnerability Details

2
GHSA
GHSA-xg4h-4wcx-6x7v: Bugzilla before 2β†—2022-04-30
β–Ά
CVEList
CVE-2002-0008: Bugzilla before 2β†—2002-01-10
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
security flaw↗2002-01-05
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2002-0008 security flaw↗2018-08-16
β–Ά
CVE-2002-0008 β€” Mozilla Bugzilla vulnerability | cvebase