CVE-2005-1564 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedMay 12

Latest updateMay 1

Description

post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla24 versions+23

Patches

Patch: secunia.com ↗Patch: www.bugzilla.org ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-qmr3-72hg-c7ww: post_bug↗2022-05-01

▶

CVEList

CVE-2005-1564: post_bug↗2005-05-14

▶