CVE-2012-1969: Mozilla Bugzilla vulnerability

CWE-264 | 6 documents | 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.4% (top 40.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 30
Latest update: May 17

Description

The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: mozilla/bugzilla (155 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-qjf6-f5hw-69vh: The get_attachment_link function in Template (2022-05-17)
CVEList: CVE-2012-1969: The get_attachment_link function in Template (2012-07-28)

💬 Community (3)

Bugzilla: CVE-2012-1969 bugzilla: information leak (description of private attachments) (2012-07-27)
Bugzilla: CVE-2012-1969 bugzilla: information leak (description of private attachments) [epel-all] (2012-07-27)
Bugzilla: CVE-2012-1969 bugzilla: information leak (description of private attachments) [fedora-all] (2012-07-27)