Design/Logic Flaw

2012-07-3013:55:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON

Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.

CPENameOperatorVersion
bugzillaeq4.1.1
bugzillaeq4.3.1
bugzillaeq4.2 rc1
bugzillaeq4.2 rc2
bugzillaeq4.2.1
bugzillaeq4.3
bugzillaeq4.1
bugzillaeq4.2
bugzillaeq4.1.2
bugzillaeq4.1.3