Vulnerability Description
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.9 |
References
- http://marc.info/?l=bugtraq&m=109872095201238&w=2
- https://bugzilla.mozilla.org/show_bug.cgi?id=252638 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17840
FAQ
What is CVE-2004-1633?
CVE-2004-1633 is a vulnerability with a CVSS score of 5.0 (MEDIUM). process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the...
How severe is CVE-2004-1633?
CVE-2004-1633 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1633?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.