Mozilla: >> Bugzilla >> 2.12 Security Vulnerabilities
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-09-10
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
CVSS Score
7.5
EPSS Score
0.005
Published
2001-09-10
Page 8