Lucene search
RootSSV:60471HistoryNov 19, 2012 - 12:00 a.m.
Bugzilla User.get()组信息泄露漏洞
2012-11-1900:00:00
Root
www.seebug.org
13
0.001 Low
EPSS
Percentile
44.8%
BUGTRAQ ID: 56504
CVE ID: CVE-2012-4198
Bugzilla是一个开源的缺陷跟踪系统,它可以管理软件开发中缺陷的提交,修复,关闭等整个生命周期。
Bugzilla用’groups’参数调用 User.get 方法,根据是否有错误,可泄露组的存在信息。如果用户调用不属于这些组的User.get 方法,也会出现错误。
0
Mozilla Bugzilla 4.x
Mozilla Bugzilla 3.x
厂商补丁:
Mozilla
目前厂商已经发布了升级补丁3.6.12, 4.0.9, 4.2.4, 4.4rc1 以修复这个安全问题,请到厂商的主页下载:
Related
cve
cve
CVE-2012-4198
2012-11-16 12:24:00
CVE-2012-5884
2012-11-16 12:24:00
prion
prion
Design/Logic Flaw
2012-11-16 12:24:00
Design/Logic Flaw
2012-11-16 12:24:00
ubuntucve
ubuntucve
CVE-2012-4198
2012-11-16 00:00:00
CVE-2012-5884
2012-11-16 00:00:00
openvas
openvas
FreeBSD Ports: bugzilla
2012-11-26 00:00:00
FreeBSD Ports: bugzilla
2012-11-26 00:00:00
nessus
nessus
Bugzilla < 3.6.12 / 4.0.9 / 4.2.4 / 4.4rc1 Multiple Vulnerabilities
2012-11-20 00:00:00
FreeBSD : bugzilla -- multiple vulnerabilities (2b841f88-2e8d-11e2-ad21-20cf30e32f6d)
2012-11-19 00:00:00
Mandriva Linux Security Advisory : bugzilla (MDVSA-2013:066)
2013-04-20 00:00:00
securityvulns
securityvulns
Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12
2012-11-18 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2012-11-13 00:00:00