CVE-2003-1046 — Mozilla Bugzilla vulnerability
3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.4%
top 19.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 18
Latest updateApr 29
Description
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4