CVE-2010-2758 — Sensitive Information Exposure in Mozilla Bugzilla

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 16

Latest updateMay 17

Description

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla93 versions+92

🔴Vulnerability Details

GHSA

GHSA-fx3p-285m-h8c3: Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2010-2758: Bugzilla 2↗2010-08-13

▶

💬Community

Bugzilla

CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2 [fedora-all]↗2010-08-11

▶

Bugzilla

CVE-2010-2756 CVE-2010-2757 CVE-2010-2758 CVE-2010-2759 bugzilla: multiple vulnerabilities corrected in 3.4.8/3.6.2↗2010-08-11

▶