CVE-2010-2756 — Mozilla Bugzilla vulnerability

CWE-2645 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 25.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedAug 16
Latest updateMay 17

Description

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDmozilla/bugzilla74 versions+73

🔴Vulnerability Details

2
GHSA
GHSA-39g7-ph8w-jpqp: Search↗2022-05-17
â–¶
CVEList
CVE-2010-2756: Search↗2010-08-13
â–¶

💬Community

2
Bugzilla
CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2 [fedora-all]↗2010-08-11
â–¶
Bugzilla
CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2↗2010-08-11
â–¶
CVE-2010-2756 — Mozilla Bugzilla vulnerability | cvebase