Lucene search

[email protected]CVE-2005-3139

HistoryOct 05, 2005 - 9:02 p.m.

CVE-2005-3139

2005-10-0521:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

bugzilla

user matching

authorization

attack

visibility groups

security vulnerability

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

CPENameOperatorVersion
mozilla:bugzillamozilla bugzillaeq2.19.3
mozilla:bugzillamozilla bugzillaeq2.20
mozilla:bugzillamozilla bugzillaeq2.19.1
mozilla:bugzillamozilla bugzillaeq2.21
mozilla:bugzillamozilla bugzillaeq2.19.2

CPE	Name	Operator	Version
mozilla:bugzilla	mozilla bugzilla	eq	2.19.3
mozilla:bugzilla	mozilla bugzilla	eq	2.20
mozilla:bugzilla	mozilla bugzilla	eq	2.19.1
mozilla:bugzilla	mozilla bugzilla	eq	2.21
mozilla:bugzilla	mozilla bugzilla	eq	2.19.2

References

marc.info/?l=bugtraq&m=112818466125484&w=2

secunia.com/advisories/17030/

www.bugzilla.org/security/2.18.4/

www.securityfocus.com/bid/14996

exchange.xforce.ibmcloud.com/vulnerabilities/42799

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2005-3139

ubuntucve1