1.9 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through
3.7.1, when use_suexec is enabled, uses world-readable permissions within
(1) .bzr/ and (2) data/webdot/, which allows local users to obtain
potentially sensitive data by reading files in these directories, a
different vulnerability than CVE-2010-0180.
Author | Note |
---|---|
mdeslaur | only affects 3.5+ |