PRIOn knowledge basePRION:CVE-2010-2756Design/Logic Flaw
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
References
secunia.com/advisories/40892
secunia.com/advisories/41128
www.bugzilla.org/security/3.2.7/
www.securityfocus.com/bid/42275
www.vupen.com/english/advisories/2010/2035
www.vupen.com/english/advisories/2010/2205
bugzilla.mozilla.org/show_bug.cgi?id=417048
bugzilla.redhat.com/show_bug.cgi?id=623423
lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
Related
