ID CVE-2002-0806
Summary Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 05-09-2008 - 20:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2002:109
refmap via4
bid 4964
bugtraq 20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
confirm http://bugzilla.mozilla.org/show_bug.cgi?id=141557
osvdb 5080
xf bugzilla-edituser-user-delete(9303)
Last major update 05-09-2008 - 20:29
Published 12-08-2002 - 04:00
Last modified 05-09-2008 - 20:29