Bugzilla 'show_bug.cgi' Information Disclosure Vulnerability Network Vulnerability

Summary

Bugzilla is prone to an information-disclosure vulnerability. Successful exploits will allow authenticated attackers to obtain potentially sensitive information that may aid in further attacks. The following are vulnerable: Bugzilla 3.3.4, 3.4rc1, and 3.4.

Solution

Updates are available. Please see the references for details.

References

http://www.bugzilla.org
http://www.bugzilla.org/security/3.4/
http://www.securityfocus.com/bid/35916

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities