CVE-2008-7292Sensitive Information Exposure in Mozilla Bugzilla

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 82.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedAug 9
Latest updateMay 17

Description

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla12 versions+11

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-9rqw-jw32-4q7h: Bugzilla 22022-05-17
CVEList
CVE-2008-7292: Bugzilla 22011-08-09
CVE-2008-7292 — Sensitive Information Exposure | cvebase