This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla code: In the stable 2.16 releases, it is possible to make a specific change to a bug without permissions; and in the 2.18 release candidate, there are information leaks with private attachments and comments.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/34830/bugzilla-10242004.txt
Source: https://packetstormsecurity.com/files/34830/bugzilla-10242004.txt.html