CVE-2005-2174

Sažetak

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.

Reference

http://securitytracker.com/id?1014428
http://www.bugzilla.org/security/2.18.1/
https://bugzilla.mozilla.org/show_bug.cgi?id=293159

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:51

Objavljeno

08-07-2005 - 04:00