Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle the URL-encoded field names that some browsers generate. When buglist.cgi is provided with the encoded field names, certain fields can appear to be unset, which has the effect of removing group permissions on bugs.
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2003-04-02T05:00:00
Updated: 2003-03-24T00:00:00
Reserved: 2002-07-29T00:00:00
Link: CVE-2002-0809
NVD Information
Status: Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2008-09-05T20:29:00.490
Link: CVE-2002-0809
Redhat Information
No data.