CVE-2005-3138 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 33.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedOct 5

Latest updateMay 1

Description

Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla10 versions+9

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-5fwr-7h5m-9f6r: Bugzilla 2↗2022-05-01

▶

CVEList

CVE-2005-3138: Bugzilla 2↗2005-10-05

▶