CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
68.4%
The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | bugzilla | * | cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6 | cpe:2.3:a:mozilla:bugzilla:3.6:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6 | cpe:2.3:a:mozilla:bugzilla:3.6:rc1:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.0 | cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.1 | cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.2 | cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.3 | cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.4 | cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.5 | cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:* |
mozilla | bugzilla | 3.6.6 | cpe:2.3:a:mozilla:bugzilla:3.6.6:*:*:*:*:*:*:* |