CVE-2014-1571

CWE-200 — Information Exposure CWE-190 — Integer Overflow12 documents6 sources

Severity

4.0MEDIUM

EPSS

0.5%

top 33.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Mozilla Bugzilla

Timeline

PublishedOct 13

Latest updateMay 17

Description

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla184 versions+183

Also affects: Fedora 19, 20, 21

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-rcrm-4q59-vjfh: Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2014-1571: Bugzilla 2↗2014-10-13

▶

📋Vendor Advisories

Red Hat

file: incomplete fix for CVE-2012-1571 in cdf_read_property_info↗2014-08-21

▶

💬Community

Bugzilla

CVE-2014-1573 CVE-2014-1572 CVE-2014-1571 bugzilla: security fixes release [fedora-all]↗2014-10-07

▶

Bugzilla

CVE-2014-1573 CVE-2014-1572 CVE-2014-1571 bugzilla: security fixes release [epel-all]↗2014-10-07

▶

Bugzilla

CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release↗2014-10-07

▶