CVE-2003-1044

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=219690
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
http://www.securityfocus.com/archive/1/343185
http://www.securityfocus.com/bid/8953	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13597

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:bugzilla:2.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.8:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.10:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.12:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.4:::::::*

History

No history.

Information

Published : 2004-08-18 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2003-1044

Mitre link : CVE-2003-1044

CVE.ORG link : CVE-2003-1044

JSON object : View

Products Affected

mozilla

bugzilla

CWE

NVD-CWE-Other

{"id": "CVE-2003-1044", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=219690", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/343185", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/8953", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13597", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID."}, {"lang": "es", "value": "editproducts.cgi en Bugzilla 2.16.3 y anteriores, cuando usebuggroups est\u00e1 activado, no elimina adecuadamente privilegios de a\u00f1adir a grupo de un grupo que est\u00e1 siendo borrado, lo que permite a usuarios con esos privilegios realizar adiciones no autorizadas al siguiente grupo que le sea asignado el ID del grupo original."}], "lastModified": "2017-07-11T01:29:41.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8112FF13-B4CE-4DC7-85B1-C69D975F162B"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86F5A3CA-E4A6-4E51-AC83-0C8F3E5E2C4E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E5E379-D475-42F3-B0DC-3D04C1D25566"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "893741D3-062B-45F9-B5A3-1B81058E7FD7"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D53B5F-6AEE-4192-B838-E1DA92C59285"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1883A98C-E595-4F3C-87BF-A63393F9F561"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD49E53A-5676-4FAC-A8A2-30FAC04C33D7"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1084AF8E-5269-4EFF-BBD2-C5A77945FCF2"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9A4B035-B73E-48E9-BBB9-83219F5D2A95"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9452C271-2812-4775-8396-394C642EACFD"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D351AF2-C0AB-4BB3-8692-677A3025A615"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F19219-3AFD-4D8E-B02B-BFCBD1BC7C36"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B900D9A7-913A-4176-90CF-C7C3B09A4261"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B692910E-633D-4A88-B245-56A2B58DD4CB"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBCDA64F-C49A-4F5B-B285-4079D8E3A499"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85ED3457-CC21-4DB3-931F-677F723E1B2A"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C8711D3-55CF-4131-BBAC-6BE07068219F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}