Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-5884
HistoryNov 16, 2012 - 12:00 a.m.

CVE-2012-5884

2012-11-1600:00:00
ubuntu.com
ubuntu.com
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.7%

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows
remote attackers to obtain sensitive information about the saved searches
of arbitrary users via an XMLRPC request or a JSONRPC request, a different
vulnerability than CVE-2012-4198.

Notes

Author Note
mdeslaur only bugzilla 4.x

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.7%