CVE-2003-1045 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 18

Latest updateApr 29

Description

votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla18 versions+17

Patches

Patch: bugzilla.mozilla.org ↗Patch: www.securityfocus.com ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-4mcp-g484-xrm6: votes↗2022-04-29

▶

CVEList

CVE-2003-1045: votes↗2004-06-03

▶