Lucene search

PRIOn knowledge basePRION:CVE-2010-2470

HistoryJun 28, 2010 - 5:30 p.m.

Design/Logic Flaw

2010-06-2817:30:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.

CPENameOperatorVersion
bugzillaeq3.6.1
bugzillaeq3.7.1
bugzillaeq3.7
bugzillaeq3.5.3
bugzillaeq3.6
bugzillaeq3.5.2
bugzillaeq3.5.1
bugzillaeq3.6 rc1

Name	Operator	Version
bugzilla	eq	3.6.1
bugzilla	eq	3.7.1
bugzilla	eq	3.7
bugzilla	eq	3.5.3
bugzilla	eq	3.6
bugzilla	eq	3.5.2
bugzilla	eq	3.5.1
bugzilla	eq	3.6 rc1

References

bugzilla.mozilla.org/show_bug.cgi?id=561797

6.4 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for PRION:CVE-2010-2470