CVE-2005-2174 — Race Condition in Mozilla Bugzilla

3 documents3 sources

Severity

2.6LOWNVD

EPSS

0.4%

top 39.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJul 8

Latest updateMay 1

Description

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla12 versions+11

Patches

Patch: www.bugzilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: www.bugzilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-xq22-q558-rcg4: Bugzilla 2↗2022-05-01

▶

CVEList

CVE-2005-2174: Bugzilla 2↗2005-07-08

▶