Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0153

4 documents4 sources
Severity
5.0MEDIUM
EPSS
4.7%
top 10.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mozilla Bonsai
Timeline
PublishedApr 2
Latest updateApr 29

Description

bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-xcjx-ph22-cf83: bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog2022-04-29
CVEList
CVE-2003-0153: bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog2003-03-26

💥Exploits & PoCs

1
Exploit-DB
Mozilla Bonsai 1.3 - Full Path Disclosure2002-08-20
CVE-2003-0153 (MEDIUM CVSS 5) | bonsai Mozilla CVS query tool leaks | cvebase.io