CVE-2003-0012 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 81.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJan 17

Latest updateApr 29

Description

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla9 versions+8

🔴Vulnerability Details

GHSA

GHSA-6q37-rgr4-xxpf: The data collection script for Bugzilla 2↗2022-04-29

▶

CVEList

CVE-2003-0012: The data collection script for Bugzilla 2↗2004-09-01

▶