CVE-2006-5454: Mozilla Bugzilla vulnerability

4 documents, 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 2.0% (top 16.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 23; Latest update May 1

Description

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: mozilla/bugzilla, 13 versions (+12)

Vulnerability Details (2)

GHSA: GHSA-5j8w-hv4g-6wrj: Bugzilla 2 (2022-05-01)
CVEList: CVE-2006-5454: Bugzilla 2 (2006-10-23)

Community (1)

Bugzilla: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities (2006-10-26)