CVE-2003-1044

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

Published: Aug 18, 2004
Updated: Apr 13, 2023
CVE: CVE-2003-1044
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / bugzilla	2.16.1	2.16.1.x
mozilla / bugzilla	2.16.2	2.16.2.x
mozilla / bugzilla	2.17.4	2.17.4.x
mozilla / bugzilla	2.10	2.10.x
mozilla / bugzilla	2.17.1	2.17.1.x
mozilla / bugzilla	2.16	2.16.x
mozilla / bugzilla	2.14.2	2.14.2.x
mozilla / bugzilla	2.14.3	2.14.3.x
mozilla / bugzilla	2.14.4	2.14.4.x
mozilla / bugzilla	2.14.1	2.14.1.x
mozilla / bugzilla	2.17.3	2.17.3.x
mozilla / bugzilla	2.4	2.4.x
mozilla / bugzilla	2.12	2.12.x
mozilla / bugzilla	2.14	2.14.x
mozilla / bugzilla	2.16.3	2.16.3.x
mozilla / bugzilla	2.14.5	2.14.5.x
mozilla / bugzilla	2.6	2.6.x
mozilla / bugzilla	2.8	2.8.x

Vulnerability Database

289,871

CVE-2003-1044