CVE-2010-1204 — Mozilla Bugzilla vulnerability

CWE-2646 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJun 28

Latest updateMay 2

Description

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla44 versions+43

🔴Vulnerability Details

GHSA

GHSA-hc22-3vxj-gwr6: Search↗2022-05-02

▶

CVEList

CVE-2010-1204: Search↗2010-06-28

▶

📋Vendor Advisories

Red Hat

Bugzilla: Sensitive time-tracking information disclosure via specially-crafted URL↗2005-09-25

▶

💬Community

Bugzilla

CVE-2010-1204 Bugzilla: Sensitive time-tracking information disclosure via specially-crafted URL↗2010-06-28

▶

Bugzilla

CVE-2010-1644 CVE-2010-1645 CVE-2010-2092 Cacti v0.8.7f - three security fixes↗2010-05-24

▶