CVE-2012-4747

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.x through 4.3.x before 4.3.3, specifically: Bugzilla versions 2.x through 3.6.11 Bugzilla versions 3.7.x Bugzilla versions 4.0.x before 4.0.8 Bugzilla versions 4.1.x Bugzilla versions 4.2.x before 4.2.3

Description The issue allows remote attackers to read sensitive files due to insufficient access control. This includes (1) template files, (2) custom extension files under the extensions/ directory, or (3) custom documentation files under the docs/ directory via a direct request.

Recommendations For Bugzilla versions 2.x through 3.6.11, update to version 3.6.12 or later. For Bugzilla versions 3.7.x, update to version 4.0.8 or later. For Bugzilla versions 4.0.x before 4.0.8, update to version 4.0.8 or later. For Bugzilla versions 4.1.x, update to version 4.2.3 or later. For Bugzilla versions 4.2.x before 4.2.3, update to version 4.2.3 or later. For Bugzilla versions 4.3.x before 4.3.3, update to version 4.3.3 or later.