CVE-2004-1635

N/A Unknown
Published: October 24, 2004 Modified: April 16, 2026
View on NVD

Description

Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://marc.info/?l=bugtraq&m=109872095201238&w=2
Source: cve@mitre.org
http://www.securityfocus.com/bid/11511
Source: cve@mitre.org
Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=250605
Source: cve@mitre.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=253544
Source: cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17842
Source: cve@mitre.org
http://marc.info/?l=bugtraq&m=109872095201238&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/11511
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=250605
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=253544
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17842
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.6%
70th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

mozilla