CVE-2012-4199: Sensitive Information Exposure in Mozilla Bugzilla

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 45.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 16
Latest update: May 17

Description

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: mozilla/bugzilla 3.6.11 +89

Vulnerability Details (2)

GHSA
GHSA-qjc8-mcp6-hq6r: template/en/default/bug/field-events (2022-05-17)
CVEList
CVE-2012-4199: template/en/default/bug/field-events (2012-11-16)