CVE-2012-5884

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 50.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedNov 16
Latest updateMay 17

Description

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla4.3.2

🔴Vulnerability Details

2
GHSA
GHSA-4hjg-8mv8-5cfh: The User2022-05-17
CVEList
CVE-2012-5884: The User2012-11-16
CVE-2012-5884 (MEDIUM CVSS 5) | The User.get method in Bugzilla/Web | cvebase.io