CVE-2012-4747 — Mozilla Bugzilla vulnerability

CWE-2645 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 50.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedSep 4

Latest updateMay 17

Description

Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla159 versions+158

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-pmc8-6rrw-66jj: Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2012-4747: Bugzilla 2↗2012-09-04

▶

💬Community

Bugzilla

CVE-2012-3981 CVE-2012-4747 bugzilla: LDAP injection and disclosure of sensitive information↗2012-09-03

▶

Bugzilla

CVE-2012-3981 CVE-2012-4747 bugzilla: various flaws [epel-all]↗2012-09-03

▶