Lucene search
HistoryJul 30, 2012 - 1:55 p.m.
CVE-2012-1969
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
66.4%
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.
Affected configurations
Node
mozillabugzillaMatch2.0
ORmozillabugzillaMatch2.2
ORmozillabugzillaMatch2.4
ORmozillabugzillaMatch2.6
ORmozillabugzillaMatch2.8
ORmozillabugzillaMatch2.9
ORmozillabugzillaMatch2.10
ORmozillabugzillaMatch2.12
ORmozillabugzillaMatch2.14
ORmozillabugzillaMatch2.14.1
ORmozillabugzillaMatch2.14.2
ORmozillabugzillaMatch2.14.3
ORmozillabugzillaMatch2.14.4
ORmozillabugzillaMatch2.14.5
ORmozillabugzillaMatch2.16
ORmozillabugzillaMatch2.16rc1
ORmozillabugzillaMatch2.16rc2
ORmozillabugzillaMatch2.16.1
ORmozillabugzillaMatch2.16.2
ORmozillabugzillaMatch2.16.3
ORmozillabugzillaMatch2.16.4
ORmozillabugzillaMatch2.16.5
ORmozillabugzillaMatch2.16.6
ORmozillabugzillaMatch2.16.7
ORmozillabugzillaMatch2.16.8
ORmozillabugzillaMatch2.16.9
ORmozillabugzillaMatch2.16.10
ORmozillabugzillaMatch2.16.11
ORmozillabugzillaMatch2.17
ORmozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.2
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
ORmozillabugzillaMatch2.17.5
ORmozillabugzillaMatch2.17.6
ORmozillabugzillaMatch2.17.7
ORmozillabugzillaMatch2.18
ORmozillabugzillaMatch2.18rc1
ORmozillabugzillaMatch2.18rc2
ORmozillabugzillaMatch2.18rc3
ORmozillabugzillaMatch2.18.1
ORmozillabugzillaMatch2.18.2
ORmozillabugzillaMatch2.18.3
ORmozillabugzillaMatch2.18.4
ORmozillabugzillaMatch2.18.5
ORmozillabugzillaMatch2.18.6
ORmozillabugzillaMatch2.18.6\+
ORmozillabugzillaMatch2.18.7
ORmozillabugzillaMatch2.18.8
ORmozillabugzillaMatch2.18.9
ORmozillabugzillaMatch2.19
ORmozillabugzillaMatch2.19.1
ORmozillabugzillaMatch2.19.2
ORmozillabugzillaMatch2.19.3
ORmozillabugzillaMatch2.20
ORmozillabugzillaMatch2.20rc1
ORmozillabugzillaMatch2.20rc2
ORmozillabugzillaMatch2.20.1
ORmozillabugzillaMatch2.20.2
ORmozillabugzillaMatch2.20.3
ORmozillabugzillaMatch2.20.4
ORmozillabugzillaMatch2.20.5
ORmozillabugzillaMatch2.20.6
ORmozillabugzillaMatch2.20.7
ORmozillabugzillaMatch2.21
ORmozillabugzillaMatch2.21.1
ORmozillabugzillaMatch2.21.2
ORmozillabugzillaMatch2.21.2rc1
ORmozillabugzillaMatch2.22
ORmozillabugzillaMatch2.22rc1
ORmozillabugzillaMatch2.22.1
ORmozillabugzillaMatch2.22.2
ORmozillabugzillaMatch2.22.3
ORmozillabugzillaMatch2.22.4
ORmozillabugzillaMatch2.22.5
ORmozillabugzillaMatch2.22.6
ORmozillabugzillaMatch2.22.7
ORmozillabugzillaMatch2.23
ORmozillabugzillaMatch2.23.1
ORmozillabugzillaMatch2.23.2
ORmozillabugzillaMatch2.23.3
ORmozillabugzillaMatch2.23.4
Node
mozillabugzillaMatch3.0
ORmozillabugzillaMatch3.0rc1
ORmozillabugzillaMatch3.0.0
ORmozillabugzillaMatch3.0.1
ORmozillabugzillaMatch3.0.2
ORmozillabugzillaMatch3.0.3
ORmozillabugzillaMatch3.0.4
ORmozillabugzillaMatch3.0.5
ORmozillabugzillaMatch3.0.6
ORmozillabugzillaMatch3.0.7
ORmozillabugzillaMatch3.0.8
ORmozillabugzillaMatch3.0.9
ORmozillabugzillaMatch3.0.10
ORmozillabugzillaMatch3.0.11
ORmozillabugzillaMatch3.1.0
ORmozillabugzillaMatch3.1.1
ORmozillabugzillaMatch3.1.2
ORmozillabugzillaMatch3.1.3
ORmozillabugzillaMatch3.1.4
ORmozillabugzillaMatch3.2
ORmozillabugzillaMatch3.2rc1
ORmozillabugzillaMatch3.2rc2
ORmozillabugzillaMatch3.2.1
ORmozillabugzillaMatch3.2.2
ORmozillabugzillaMatch3.2.3
ORmozillabugzillaMatch3.2.4
ORmozillabugzillaMatch3.2.5
ORmozillabugzillaMatch3.2.6
ORmozillabugzillaMatch3.2.7
ORmozillabugzillaMatch3.2.8
ORmozillabugzillaMatch3.2.9
ORmozillabugzillaMatch3.2.10
ORmozillabugzillaMatch3.3
ORmozillabugzillaMatch3.3.1
ORmozillabugzillaMatch3.3.2
ORmozillabugzillaMatch3.3.3
ORmozillabugzillaMatch3.3.4
ORmozillabugzillaMatch3.4
ORmozillabugzillaMatch3.4rc1
ORmozillabugzillaMatch3.4.1
ORmozillabugzillaMatch3.4.2
ORmozillabugzillaMatch3.4.3
ORmozillabugzillaMatch3.4.4
ORmozillabugzillaMatch3.4.5
ORmozillabugzillaMatch3.4.6
ORmozillabugzillaMatch3.4.7
ORmozillabugzillaMatch3.4.8
ORmozillabugzillaMatch3.4.9
ORmozillabugzillaMatch3.4.10
ORmozillabugzillaMatch3.4.11
ORmozillabugzillaMatch3.4.12
ORmozillabugzillaMatch3.4.13
ORmozillabugzillaMatch3.5
ORmozillabugzillaMatch3.5.1
ORmozillabugzillaMatch3.5.2
ORmozillabugzillaMatch3.5.3
ORmozillabugzillaMatch3.6
ORmozillabugzillaMatch3.6rc1
ORmozillabugzillaMatch3.6.0
ORmozillabugzillaMatch3.6.1
ORmozillabugzillaMatch3.6.2
ORmozillabugzillaMatch3.6.3
ORmozillabugzillaMatch3.6.4
ORmozillabugzillaMatch3.6.5
ORmozillabugzillaMatch3.6.6
ORmozillabugzillaMatch3.6.7
ORmozillabugzillaMatch3.6.8
ORmozillabugzillaMatch3.6.9
ORmozillabugzillaMatch3.7
ORmozillabugzillaMatch3.7.1
ORmozillabugzillaMatch3.7.2
ORmozillabugzillaMatch3.7.3
Node
mozillabugzillaMatch4.0
ORmozillabugzillaMatch4.0rc1
ORmozillabugzillaMatch4.0rc2
ORmozillabugzillaMatch4.0.1
ORmozillabugzillaMatch4.0.2
ORmozillabugzillaMatch4.0.3
ORmozillabugzillaMatch4.0.4
ORmozillabugzillaMatch4.0.5
ORmozillabugzillaMatch4.0.6
Node
mozillabugzillaMatch4.1
ORmozillabugzillaMatch4.1.1
ORmozillabugzillaMatch4.1.2
ORmozillabugzillaMatch4.1.3
Node
mozillabugzillaMatch4.2
ORmozillabugzillaMatch4.2rc1
ORmozillabugzillaMatch4.2rc2
ORmozillabugzillaMatch4.2.1
Node
mozillabugzillaMatch4.3
ORmozillabugzillaMatch4.3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 2.0 | cpe:2.3:a:mozilla:bugzilla:2.0:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.2 | cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.4 | cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.6 | cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.8 | cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.9 | cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.10 | cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.12 | cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14 | cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.14.1 | cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2012-1969
2012-07-30 00:00:00
nessus
nessus
Fedora 17 : bugzilla-4.0.7-1.fc17 (2012-11364)
2012-08-13 00:00:00
Fedora 16 : bugzilla-4.0.7-1.fc16 (2012-11324)
2012-08-13 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: bugzilla-4.0.7-1.fc17
2012-08-13 02:21:47
[SECURITY] Fedora 17 Update: bugzilla-4.0.9-1.fc17
2012-11-24 03:29:26
[SECURITY] Fedora 16 Update: bugzilla-4.0.7-1.fc16
2012-08-13 02:22:08
openvas
openvas
Fedora Update for bugzilla FEDORA-2012-11364
2012-08-30 00:00:00
Fedora Update for bugzilla FEDORA-2012-11364
2012-08-30 00:00:00
Fedora Update for bugzilla FEDORA-2012-13163
2012-09-11 00:00:00
cve
cve
CVE-2012-1969
2012-07-30 13:55:10
prion
prion
Design/Logic Flaw
2012-07-30 13:55:00
cvelist
cvelist
CVE-2012-1969
2012-07-28 18:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2012-07-26 00:00:00
securityvulns
securityvulns
Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
2012-09-03 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
66.4%
Related for NVD:CVE-2012-1969