CVE-2012-4197

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 45.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedNov 16
Latest updateMay 17

Description

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla3.6.11+162

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-gw4x-3jgm-3945: Bugzilla/Attachment2022-05-17
CVEList
CVE-2012-4197: Bugzilla/Attachment2012-11-16
CVE-2012-4197 (MEDIUM CVSS 5) | Bugzilla/Attachment.pm in attachmen | cvebase.io