CVE-2011-2380Sensitive Information Exposure in Mozilla Bugzilla

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 28.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedAug 9
Latest updateMay 17

Description

Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla70 versions+69

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-f4x5-7cjq-vgcr: Bugzilla 22022-05-17
CVEList
CVE-2011-2380: Bugzilla 22011-08-09

💬Community

2
Bugzilla
CVE-2011-2976 CVE-2011-2379 CVE-2011-2380 CVE-2011-2979 CVE-2011-2381 CVE-2011-2978 CVE-2011-2977 bugzilla: multiple security flaws fixed in 3.4.12, 3.6.6, 4.0.2, and 4.1.3 [epel-all]2011-08-08
Bugzilla
CVE-2011-2976 CVE-2011-2379 CVE-2011-2380 CVE-2011-2979 CVE-2011-2381 CVE-2011-2978 CVE-2011-2977 bugzilla: multiple security flaws fixed in 3.4.12, 3.6.6, 4.0.2, and 4.1.32011-08-08
CVE-2011-2380 — Sensitive Information Exposure | cvebase