CVE-2004-0702 — Mozilla Bugzilla vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJul 27

Latest updateApr 29

Description

DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla24 versions+23

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pq3f-c7q6-qgp9: DBI in Bugzilla 2↗2022-04-29

▶

CVEList

CVE-2004-0702: DBI in Bugzilla 2↗2004-07-21

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-11-02

▶

💬Community

Bugzilla

CVE-2004-1006 security flaw↗2018-08-16

▶