Vulnerability Description
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.17.1 |
References
- http://securitytracker.com/id?1014428
- http://www.bugzilla.org/security/2.18.1/ (Patch, Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=293159 (Patch)
FAQ
What is CVE-2005-2173?
CVE-2005-2173 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to ...
How severe is CVE-2005-2173?
CVE-2005-2173 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2173?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.