bugzilla -- information leak

ID 92CA92C1-D859-11DE-89F9-001517351C22
Type freebsd
Reporter FreeBSD
Modified 2009-11-18T00:00:00


A Bugzilla Security Advisory reports:

When a bug is in a group, none of its information (other than its status and resolution) should be visible to users outside that group. It was discovered that as of 3.3.2, Bugzilla was showing the alias of the bug (a very short string used as a shortcut for looking up the bug) to users outside of the group, if the protected bug ended up in the "Depends On" or "Blocks" list of any other bug.