Vulnerability Description
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=219690
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
- http://www.securityfocus.com/archive/1/343185
- http://www.securityfocus.com/bid/8953 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13597
FAQ
What is CVE-2003-1044?
CVE-2003-1044 is a vulnerability with a CVSS score of 7.5 (HIGH). editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privilege...
How severe is CVE-2003-1044?
CVE-2003-1044 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1044?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.