CVE-2012-5884

Name of the Vulnerable Software and Affected Versions Bugzilla version 4.3.2

Description The issue allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request. This is due to a problem in the User.get method in Bugzilla/WebService/User.pm.

Recommendations For Bugzilla version 4.3.2, consider restricting access to the User.get method until a patch is available. As a temporary workaround, avoid using the User.get method in XMLRPC or JSONRPC requests to minimize the risk of exploitation.