CVE-2005-2173: Mozilla Bugzilla vulnerability

3 documents, 3 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 40.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8; latest update May 1

Description

The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: mozilla/bugzilla, 12 versions

Vulnerability Details (2)

GHSA-mhp7-wjrm-g66r (GHSA, 2022-05-01): The Flag::validate and Flag::modify functions in Bugzilla 2
CVE-2005-2173 (CVEList, 2005-07-08): The Flag::validate and Flag::modify functions in Bugzilla 2