Vulnerability Description
Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
References
- http://marc.info/?l=bugtraq&m=108965446813639&w=2
- http://www.securityfocus.com/bid/10698PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16672
- http://marc.info/?l=bugtraq&m=108965446813639&w=2
- http://www.securityfocus.com/bid/10698PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16672
FAQ
What is CVE-2004-0703?
CVE-2004-0703 is a vulnerability with a CVSS score of 7.5 (HIGH). Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.
How severe is CVE-2004-0703?
CVE-2004-0703 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0703?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.