CVE-2004-1633

Published: Oct 25, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.

Affected (25)

Products: Mozilla: Bugzilla

Mozilla

1 product

Bugzilla

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.10
Mozilla Bugzilla	Version 2.12
Mozilla Bugzilla	Version 2.14.1
Mozilla Bugzilla	Version 2.14.2
Mozilla Bugzilla	Version 2.14.3
Mozilla Bugzilla	Version 2.14.4
Mozilla Bugzilla	Version 2.14.5
Mozilla Bugzilla	Version 2.14
Mozilla Bugzilla	Version 2.16.1
Mozilla Bugzilla	Version 2.16.2
Mozilla Bugzilla	Version 2.16.3
Mozilla Bugzilla	Version 2.16.4
Mozilla Bugzilla	Version 2.16.5
Mozilla Bugzilla	Version 2.16
Mozilla Bugzilla	Version 2.17.1
Mozilla Bugzilla	Version 2.17.3
Mozilla Bugzilla	Version 2.17.4
Mozilla Bugzilla	Version 2.17.5
Mozilla Bugzilla	Version 2.17.6
Mozilla Bugzilla	Version 2.17.7
Mozilla Bugzilla	Version 2.17
Mozilla Bugzilla	Version 2.18 rc1
Mozilla Bugzilla	Version 2.18 rc2
Mozilla Bugzilla	Version 2.19
Mozilla Bugzilla	Version 2.9

References (6)

http://marc.info/?l=bugtraq&m=109872095201238&w=2

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=252638

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17840

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109872095201238&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=252638

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17840

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.