CVE-2005-3139 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedOct 5

Latest updateMay 1

Description

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla5 versions+4

Patches

Patch: secunia.com ↗Patch: www.bugzilla.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-p755-fv54-jvjv: Bugzilla 2↗2022-05-01

▶

CVEList

CVE-2005-3139: Bugzilla 2↗2005-10-05

▶