CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
69.3%
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows
remote attackers to obtain sensitive information about the saved searches
of arbitrary users via an XMLRPC request or a JSONRPC request, a different
vulnerability than CVE-2012-4198.
Author | Note |
---|---|
mdeslaur | only bugzilla 4.x |