CVE-2010-0180

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.5.1 through 3.7

Description The issue allows local users to read sensitive configuration fields due to world-readable permissions for the localconfig files when use suexec is enabled. This can be demonstrated by accessing the database password field and the site wide secret field.

Recommendations For Bugzilla versions 3.5.1 through 3.7, consider changing the permissions of the localconfig files to prevent world-readable access when use suexec is enabled. As a temporary workaround, restrict access to the localconfig files to minimize the risk of exploitation.