CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
46.7%
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | bugzilla | 2.17.1 | cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.17.3 | cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.17.4 | cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.17.5 | cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.17.6 | cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.17.7 | cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:* |