CVE-2002-1196Mozilla Bugzilla vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 37.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedOct 28
Latest updateApr 30

Description

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/bugzilla5 versions+4

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-c3vj-q3f8-r9c3: editproducts2022-04-30
CVEList
CVE-2002-1196: editproducts2004-09-01