What is the severity of CVE-2004-1633?

CVE-2004-1633 is considered a moderate severity vulnerability as it allows unauthorized modification of bug keywords by authenticated users.

How do I fix CVE-2004-1633?

To fix CVE-2004-1633, upgrade Bugzilla to a version later than 2.19 or apply the necessary patches provided by the Bugzilla team.

Which versions of Bugzilla are affected by CVE-2004-1633?

CVE-2004-1633 affects Bugzilla versions from 2.9 to 2.18rc2 and certain versions of 2.19.

Can CVE-2004-1633 be exploited remotely?

Yes, CVE-2004-1633 can be exploited remotely by authenticated users who can send malicious requests using the keywordaction parameter.

What are the potential impacts of exploiting CVE-2004-1633?

Exploiting CVE-2004-1633 could lead to unauthorized changes in bug tracking data, causing data integrity issues in the Bugzilla system.

Vulnerability/
CVE-2004-1633

medium

CWE

NVD-CWE-Other

25/10/2004

20/2/2005

8/8/2024

CVE-2004-1633

First published: Mon Oct 25 2004(Updated: )

process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Bugzilla	=2.17.6
Mozilla Bugzilla	=2.16.1
Mozilla Bugzilla	=2.19
Mozilla Bugzilla	=2.18-rc1
Mozilla Bugzilla	=2.16.2
Mozilla Bugzilla	=2.17.4
Mozilla Bugzilla	=2.10
Mozilla Bugzilla	=2.17.1
Mozilla Bugzilla	=2.16
Mozilla Bugzilla	=2.14.2
Mozilla Bugzilla	=2.14.3
Mozilla Bugzilla	=2.14.4
Mozilla Bugzilla	=2.17.5
Mozilla Bugzilla	=2.17.3
Mozilla Bugzilla	=2.16.4
Mozilla Bugzilla	=2.12
Mozilla Bugzilla	=2.16.3
Mozilla Bugzilla	=2.14.5
Mozilla Bugzilla	=2.17.7
Mozilla Bugzilla	=2.17
Mozilla Bugzilla	=2.9
Mozilla Bugzilla	=2.18-rc2
Mozilla Bugzilla	=2.14.1
Mozilla Bugzilla	=2.16.5
Mozilla Bugzilla	=2.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-1633?
CVE-2004-1633 is considered a moderate severity vulnerability as it allows unauthorized modification of bug keywords by authenticated users.
How do I fix CVE-2004-1633?
To fix CVE-2004-1633, upgrade Bugzilla to a version later than 2.19 or apply the necessary patches provided by the Bugzilla team.
Which versions of Bugzilla are affected by CVE-2004-1633?
CVE-2004-1633 affects Bugzilla versions from 2.9 to 2.18rc2 and certain versions of 2.19.
Can CVE-2004-1633 be exploited remotely?
Yes, CVE-2004-1633 can be exploited remotely by authenticated users who can send malicious requests using the keywordaction parameter.
What are the potential impacts of exploiting CVE-2004-1633?
Exploiting CVE-2004-1633 could lead to unauthorized changes in bug tracking data, causing data integrity issues in the Bugzilla system.

collector/nvd-historical
collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/references
agent/tags
agent/author
agent/event
agent/description
agent/source
vendor/mozilla
canonical/mozilla bugzilla
version/mozilla bugzilla/2.17.6
version/mozilla bugzilla/2.16.1
version/mozilla bugzilla/2.19
version/mozilla bugzilla/2.18-rc1
version/mozilla bugzilla/2.16.2
version/mozilla bugzilla/2.17.4
version/mozilla bugzilla/2.10
version/mozilla bugzilla/2.17.1
version/mozilla bugzilla/2.16
version/mozilla bugzilla/2.14.2
version/mozilla bugzilla/2.14.3
version/mozilla bugzilla/2.14.4
version/mozilla bugzilla/2.17.5
version/mozilla bugzilla/2.17.3
version/mozilla bugzilla/2.16.4
version/mozilla bugzilla/2.12
version/mozilla bugzilla/2.16.3
version/mozilla bugzilla/2.14.5
version/mozilla bugzilla/2.17.7
version/mozilla bugzilla/2.17
version/mozilla bugzilla/2.9
version/mozilla bugzilla/2.18-rc2
version/mozilla bugzilla/2.14.1
version/mozilla bugzilla/2.16.5
version/mozilla bugzilla/2.14