CVE-2001-1401

critical

Description

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.

References

http://www.redhat.com/support/errata/RHSA-2001-107.html

http://marc.info/?l=bugtraq&m=99912899900567

http://bugzilla.mozilla.org/show_bug.cgi?id=82781

http://bugzilla.mozilla.org/show_bug.cgi?id=70189

http://bugzilla.mozilla.org/show_bug.cgi?id=39533

http://bugzilla.mozilla.org/show_bug.cgi?id=39531

http://bugzilla.mozilla.org/show_bug.cgi?id=39527

http://bugzilla.mozilla.org/show_bug.cgi?id=39526

http://bugzilla.mozilla.org/show_bug.cgi?id=39524

Details

Source: Mitre, NVD

Published: 2001-09-10

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00883