Описание
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00131
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
около 23 лет назад
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
debian
почти 23 года назад
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authentic ...
github
около 3 лет назад
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
EPSS
Процентиль: 34%
0.00131
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other