Bugzilla is a free, open source bug tracking and reporting application. It allows users to submit bugs, offers a forum for discussing bugs, keeps track of the status of bugs, and can restrict who has access to bug information. A vulnerability in 'process_bug.cgi' for Bugzilla (v2.12 and earlier) allows users to access restricted bug information. Bugzilla uses group bits to determine which users may access information about bugs. When 'process_bug.cgi' is used to mass-edit bugs, the new product name for the bug is not set with the group bit, which allows the user to bypass the access controls enforced by aspects of Bugzilla.
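The following is an added illustration, not Bugzilla's own code: a simplified Python model of group-bit access control showing a mass edit that changes the product without setting its group bit, the corrected form, and an audit that finds affected bugs. The product names, bit values and function names are assumptions made for the example.

```python
# Simplified model of group-bit access control; NOT Bugzilla's own code.
# Product names, bit values and function names are constructed for illustration.
from dataclasses import dataclass

# Assumption: each restricted product maps to one group bit; 0 means public.
PRODUCT_GROUP_BIT = {"PublicApp": 0, "InternalApp": 0b100}


@dataclass
class Bug:
    bug_id: int
    product: str
    groupset: int = 0  # bitmask of groups a user must hold to view the bug


def can_see(user_groupset: int, bug: Bug) -> bool:
    """A user may view a bug only if they hold every bit in its groupset."""
    return (bug.groupset & ~user_groupset) == 0


def mass_edit_flawed(bugs, new_product):
    """Behaviour described above: the product changes, the groupset does not."""
    for bug in bugs:
        bug.product = new_product


def mass_edit_fixed(bugs, new_product):
    """Set the new product's group bit whenever the product is changed."""
    for bug in bugs:
        bug.product = new_product
        bug.groupset |= PRODUCT_GROUP_BIT[new_product]


def audit_missing_bits(bugs):
    """Detection check: IDs of bugs that lack their product's group bit."""
    return [b.bug_id for b in bugs
            if PRODUCT_GROUP_BIT[b.product] & ~b.groupset]


if __name__ == "__main__":
    outsider = 0b000  # constructed user with no group membership
    a, b = Bug(1, "PublicApp"), Bug(2, "PublicApp")
    mass_edit_flawed([a], "InternalApp")
    mass_edit_fixed([b], "InternalApp")
    print(can_see(outsider, a), can_see(outsider, b))
    print(audit_missing_bits([a, b]))
```

The audit function is the kind of consistency check an administrator could run against the bug table after upgrading, to find bugs whose group bits were left unset by earlier mass edits.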