History: Oct 03, 2022 - 4:21 p.m.

CVE-2010-0180

2022-10-03 16:21:10
CWE-264
mitre
web.nvd.nist.gov
cve-2010-0180
bugzilla
install/filesystem.pm
vulnerability
nvd
security
sensitive configuration
localconfig files
use_suexec

CVSS2: 1.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score: 6.1
Confidence: Low

EPSS: 0
Percentile: 5.1%

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

Affected configurations

Nvd
Node
mozilla bugzilla Match 3.5.1
OR
mozilla bugzilla Match 3.5.2
OR
mozilla bugzilla Match 3.5.3
OR
mozilla bugzilla Match 3.6
OR
mozilla bugzilla Match 3.7

Vendor | Product | Version | CPE
mozilla | bugzilla | 3.6 | cpe:/a:mozilla:bugzilla:3.6:::
mozilla | bugzilla | 3.5.2 | cpe:/a:mozilla:bugzilla:3.5.2:::
mozilla | bugzilla | 3.5.1 | cpe:/a:mozilla:bugzilla:3.5.1:::
mozilla | bugzilla | 3.7 | cpe:/a:mozilla:bugzilla:3.7:::
mozilla | bugzilla | 3.5.3 | cpe:/a:mozilla:bugzilla:3.5.3:::
