Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19881
HistoryJun 28, 2010 - 12:00 a.m.

Mozilla Bugzilla时间追踪功能信息泄露漏洞

2010-06-2800:00:00
Root
www.seebug.org
17

0.003 Low

EPSS

Percentile

71.8%

JSON

BUGTRAQ ID: 41141
CVE ID: CVE-2010-1204

Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。

正常情况下有关时间追踪(估计时间、实际时间、已工作时间、截止日期等)的信息应仅限于time-tracking组中的用户可访问,但用户可以通过创建搜索URL使用上述字段搜索bug。如果bug匹配到了搜索,就可以获取有关时间追踪的敏感信息。

Mozilla Bugzilla 3.x
Mozilla Bugzilla 2.x
厂商补丁:

Mozilla

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.bugzilla.org/download/

Related

nessus 7
openvas 18
fedora 7
cvelist 1
cve 1
ubuntucve 1
prion 1
nvd 1
freebsd 1
nessus
nessus
Fedora 13 : bugzilla-3.4.7-2.fc13 (2010-10669)
2010-07-08 00:00:00
Fedora 12 : bugzilla-3.4.7-1.fc12 (2010-10398)
2010-07-06 00:00:00
FreeBSD : bugzilla -- information disclosure (f1331504-8849-11df-89b8-00151735203a)
2010-07-06 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2010-10669
2010-07-12 00:00:00
Bugzilla 'time-tracking' Information Disclosure Vulnerability
2010-07-06 00:00:00
Fedora Update for bugzilla FEDORA-2011-0755
2011-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: bugzilla-3.4.7-2.fc13
2010-07-07 17:38:54
[SECURITY] Fedora 13 Update: bugzilla-3.4.10-1.fc13
2011-02-02 19:36:07
[SECURITY] Fedora 13 Update: bugzilla-3.4.9-1.fc13
2010-11-14 21:28:33
cvelist
cvelist
CVE-2010-1204
2022-10-03 16:21:01
cve
cve
CVE-2010-1204
2022-10-03 16:21:01
ubuntucve
ubuntucve
CVE-2010-1204
2010-06-28 00:00:00
prion
prion
Design/Logic Flaw
2010-06-28 17:30:00
nvd
nvd
CVE-2010-1204
2010-06-28 17:30:01
freebsd
freebsd
bugzilla -- information disclosure
2010-06-24 00:00:00

0.003 Low

EPSS

Percentile

71.8%

JSON
Related for SSV:19881
nessus7openvas18fedora7cvelist1cve1ubuntucve1prion1nvd1freebsd1