CVE-2004-1633 — Mozilla Bugzilla vulnerability
3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 47.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 25
Latest updateApr 29
Description
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
CVSS vector
AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9