Lucene search

K
cveMitreCVE-2010-2470
HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2470

2022-10-0316:21:08
CWE-264
mitre
web.nvd.nist.gov
36
cve-2010-2470
bugzilla
vulnerability
use_suexec
file permissions

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0

Percentile

5.1%

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.

Affected configurations

Nvd
Node
mozillabugzillaMatch3.5.1
OR
mozillabugzillaMatch3.5.2
OR
mozillabugzillaMatch3.5.3
OR
mozillabugzillaMatch3.6
OR
mozillabugzillaMatch3.6rc1
OR
mozillabugzillaMatch3.6.1
OR
mozillabugzillaMatch3.7
OR
mozillabugzillaMatch3.7.1
VendorProductVersionCPE
mozillabugzilla3.6cpe:/a:mozilla:bugzilla:3.6:rc1::
mozillabugzilla3.6.1cpe:/a:mozilla:bugzilla:3.6.1:::
mozillabugzilla3.5.3cpe:/a:mozilla:bugzilla:3.5.3:::
mozillabugzilla3.5.1cpe:/a:mozilla:bugzilla:3.5.1:::
mozillabugzilla3.7.1cpe:/a:mozilla:bugzilla:3.7.1:::
mozillabugzilla3.7cpe:/a:mozilla:bugzilla:3.7:::
mozillabugzilla3.6cpe:/a:mozilla:bugzilla:3.6:::
mozillabugzilla3.5.2cpe:/a:mozilla:bugzilla:3.5.2:::

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0

Percentile

5.1%