Lucene search
MitreCVE-2005-3139HistoryOct 05, 2005 - 9:02 p.m.
CVE-2005-3139
2005-10-0521:02:00
mitre
web.nvd.nist.gov
24
cve
bugzilla
user matching
authorization
attack
visibility groups
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
High
EPSS
0.008
Percentile
81.5%
Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.
Affected configurations
Node
mozillabugzillaMatch2.19.1
ORmozillabugzillaMatch2.19.2
ORmozillabugzillaMatch2.19.3
ORmozillabugzillaMatch2.20rc1
ORmozillabugzillaMatch2.20rc2
ORmozillabugzillaMatch2.21
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 2.19.1 | cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.19.2 | cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.19.3 | cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.20 | cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:* |
| mozilla | bugzilla | 2.20 | cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:* |
| mozilla | bugzilla | 2.21 | cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2005-3139
2005-10-05 00:00:00
nvd
nvd
CVE-2005-3139
2005-10-05 21:02:00
cvelist
cvelist
CVE-2005-3139
2005-10-05 04:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
High
EPSS
0.008
Percentile
81.5%
Related for CVE-2005-3139