CVE-2009-3387 — Mozilla Bugzilla vulnerability

CWE-2645 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 29.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedFeb 3

Latest updateMay 2

Description

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla10 versions+9

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-24h9-wwcg-r638: Bugzilla 3↗2022-05-02

▶

CVEList

CVE-2009-3387: Bugzilla 3↗2010-02-03

▶

📋Vendor Advisories

Red Hat

bugzilla: Sensitive information disclosure via various attack vectors↗2005-11-02

▶

💬Community

Bugzilla

CVE-2009-3387 CVE-2009-3989 bugzilla: Sensitive information disclosure via various attack vectors↗2010-02-04

▶