Vulnerability Details CVE-2001-1406
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.1%
CVSS Severity
CVSS v2 Score 2.1
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=66235
- http://marc.info/?l=bugtraq&m=99912899900567
- http://www.iss.net/security_center/static/10478.php
- http://www.redhat.com/support/errata/RHSA-2001-107.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=66235
- http://marc.info/?l=bugtraq&m=99912899900567
- http://www.iss.net/security_center/static/10478.php
- http://www.redhat.com/support/errata/RHSA-2001-107.html
Products affected by CVE-2001-1406
-
cpe:2.3:a:mozilla:bugzilla:2.10
-
cpe:2.3:a:mozilla:bugzilla:2.12
-
cpe:2.3:a:mozilla:bugzilla:2.14
-
cpe:2.3:a:mozilla:bugzilla:2.4
-
cpe:2.3:a:mozilla:bugzilla:2.6
-
cpe:2.3:a:mozilla:bugzilla:2.8