CVE-2001-1407

Description

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Affected products

• Mozilla / Bugzilla2.4 – 2.4
• Mozilla / Bugzilla2.6 – 2.6
• Mozilla / Bugzilla2.8 – 2.8
• Mozilla / Bugzilla2.10 – 2.10
• Mozilla / Bugzilla2.12 – 2.12
• Mozilla / Bugzilla2.14 – 2.14

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=99912899900567
• MISChttp://www.redhat.com/support/errata/RHSA-2001-107.html
• MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=96085
• MISChttp://www.iss.net/security_center/static/10479.php