Lucene search

[email protected]NVD:CVE-2010-2756

HistoryAug 16, 2010 - 3:14 p.m.

CVE-2010-2756

2010-08-1615:14:12

CWE-264

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Affected configurations

NVD

Node

mozillabugzillaMatch2.2

mozillabugzillaMatch2.4

mozillabugzillaMatch2.6

mozillabugzillaMatch2.8

mozillabugzillaMatch2.9

mozillabugzillaMatch2.19.1

mozillabugzillaMatch2.19.2

mozillabugzillaMatch2.19.3

mozillabugzillaMatch2.20

mozillabugzillaMatch2.20rc1

mozillabugzillaMatch2.20rc2

mozillabugzillaMatch2.20.1

mozillabugzillaMatch2.20.2

mozillabugzillaMatch2.20.3

mozillabugzillaMatch2.20.4

mozillabugzillaMatch2.20.5

mozillabugzillaMatch2.20.6

mozillabugzillaMatch2.20.7

mozillabugzillaMatch2.21

mozillabugzillaMatch2.21.1

mozillabugzillaMatch2.21.2

mozillabugzillaMatch2.22

mozillabugzillaMatch2.22rc1

mozillabugzillaMatch2.22.1

mozillabugzillaMatch2.22.3

mozillabugzillaMatch2.22.4

mozillabugzillaMatch2.22.5

mozillabugzillaMatch2.22.6

mozillabugzillaMatch2.22.7

mozillabugzillaMatch2.23

mozillabugzillaMatch2.23.1

mozillabugzillaMatch2.23.2

mozillabugzillaMatch2.23.3

mozillabugzillaMatch2.23.4

mozillabugzillaMatch3.0

mozillabugzillaMatch3.0rc1

mozillabugzillaMatch3.0.0

mozillabugzillaMatch3.0.1

mozillabugzillaMatch3.0.2

mozillabugzillaMatch3.0.3

mozillabugzillaMatch3.0.4

mozillabugzillaMatch3.0.5

mozillabugzillaMatch3.0.6

mozillabugzillaMatch3.0.7

mozillabugzillaMatch3.0.8

mozillabugzillaMatch3.0.9

mozillabugzillaMatch3.0.10

mozillabugzillaMatch3.0.11

mozillabugzillaMatch3.1.0

mozillabugzillaMatch3.1.1

mozillabugzillaMatch3.1.2

mozillabugzillaMatch3.1.3

mozillabugzillaMatch3.2

mozillabugzillaMatch3.2.2

mozillabugzillaMatch3.2.3

mozillabugzillaMatch3.2.4

mozillabugzillaMatch3.2.5

mozillabugzillaMatch3.2.6

mozillabugzillaMatch3.2.7

mozillabugzillaMatch3.3.1

mozillabugzillaMatch3.3.2

mozillabugzillaMatch3.3.3

mozillabugzillaMatch3.3.4

mozillabugzillaMatch3.4.1

mozillabugzillaMatch3.4.2

mozillabugzillaMatch3.4.3

mozillabugzillaMatch3.4.4

mozillabugzillaMatch3.4.5

mozillabugzillaMatch3.4.6

mozillabugzillaMatch3.4.7

mozillabugzillaMatch3.5.1

mozillabugzillaMatch3.5.2

mozillabugzillaMatch3.5.3

mozillabugzillaMatch3.6

mozillabugzillaMatch3.6.1

mozillabugzillaMatch3.7

mozillabugzillaMatch3.7.1

mozillabugzillaMatch3.7.2

References

lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html

lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html

lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html

secunia.com/advisories/40892

secunia.com/advisories/41128

www.bugzilla.org/security/3.2.7/

www.securityfocus.com/bid/42275

www.vupen.com/english/advisories/2010/2035

www.vupen.com/english/advisories/2010/2205

bugzilla.mozilla.org/show_bug.cgi?id=417048

bugzilla.redhat.com/show_bug.cgi?id=623423

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for NVD:CVE-2010-2756

nessus6 prion2 ubuntucve2 cve2 openvas14 cvelist2 nvd1 fedora3 freebsd1