SecuritySpace - CAN-2005-2173

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CAN-2005-2173

Description: The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2005-2173
http://www.bugzilla.org/security/2.18.1/
https://bugzilla.mozilla.org/show_bug.cgi?id=293159
http://securitytracker.com/id?1014428

CVE ID:	CAN-2005-2173
Description:	The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2173 http://www.bugzilla.org/security/2.18.1/ https://bugzilla.mozilla.org/show_bug.cgi?id=293159 http://securitytracker.com/id?1014428