CVE-2012-1969
N/A
N/A
Summary
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.bugzilla.org/security/3.6.9/
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
- https://bugzilla.mozilla.org/show_bug.cgi?id=777586
- http://secunia.com/advisories/50040
References
- http://www.bugzilla.org/security/3.6.9/
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
- https://bugzilla.mozilla.org/show_bug.cgi?id=777586
- http://secunia.com/advisories/50040
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.