Bugzilla Informaton Disclosure Vulnerability Network Vulnerability

Summary

This host is running Bugzilla and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allows attackers to search for bugs that were reported by users belonging to one more groups. Impact Level: Application

Solution

Upgrade to Bugzilla version 3.2.8, 3.4.8, 3.6.2 or 3.7.3 For updates refer to http://www.bugzilla.org/download/

Insight

The flaw is due to an error in 'Search.pm' which allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Affected

Bugzilla 2.19.1 to 3.2.7, 3.3.1 to 3.4.7, 3.5.1 to 3.6.1 and 3.7 to 3.7.2

References

http://secunia.com/advisories/41128
http://www.vupen.com/english/advisories/2010/2035
http://www.vupen.com/english/advisories/2010/2205
https://bugzilla.mozilla.org/show_bug.cgi?id=417048

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2756
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities

Take action and discover your vulnerabilities