Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bugzilla Data/Mining目录权限不安全漏洞
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla提供的数据收集脚本不正确设置data/mining目录权限,本地攻击者可以利用这个漏洞更改或删除收集的数据。 数据收集脚本以cron作业方式工作,每次起运行的时候会更改data/mining目录为全局可写,利用这段时间本地用户可以更改data/mining目录中的任意收集数据。
CVSS Information
N/A
Vulnerability Type
N/A