Bugzilla Group Selection During Bug Move Information Disclosure Vulnerability Network Vulnerability

Summary

Bugzilla is prone to an information-disclosure vulnerability. Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. This issue affects the following: Bugzilla 3.3.1 through 3.4.4 Bugzilla 3.5.1 Bugzilla 3.5.2

Solution

Updates are available. Please see the references for details.

References

http://www.bugzilla.org
http://www.bugzilla.org/security/3.0.10/
http://www.securityfocus.com/bid/38026
https://bugzilla.mozilla.org/show_bug.cgi?id=532493

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3387
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache Struts Cross Site Scripting Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Apache Tomcat Login Constraints Security Bypass Vulnerability

Take action and discover your vulnerabilities