Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2004-1635
Description:Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2004-1635
BugTraq ID: 11511
http://www.securityfocus.com/bid/11511
Bugtraq: 20041025 [BUGZILLA] Vulnerabilities in Bugzilla 2.16.6 and 2.18rc2 (Google Search)
http://marc.info/?l=bugtraq&m=109872095201238&w=2
XForce ISS Database: bugzila-metadata-information-disclosure(17842)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17842




© 1998-2024 E-Soft Inc. All rights reserved.