CVE-2003-1046

2004-06-0304:00:00

mitre

www.cve.org

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

77.8%

JSON

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

References

bugzilla.mozilla.org/show_bug.cgi?id=209742

www.securityfocus.com/archive/1/343185

www.securityfocus.com/bid/8953

exchange.xforce.ibmcloud.com/vulnerabilities/13602