Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.14.1 |
||
mozilla bugzilla 2.16 |
||
mozilla bugzilla 2.14 |