Ilja

Name of the Vulnerable Software and Affected Versions: Bugzilla versions prior to 2.22.5 Bugzilla versions 3.x prior to 3.0.5 Description: A directory traversal issue exists when the --attach path option is enabled, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the data element of an XML file. Recommendations: For versions prior to 2.22.5, update to version 2.22.5 or later. For versions 3.x prior to 3.0.5, update to version 3.0.5 or later. As a temporary workaround, consider disabling the --attach path option until a patch is available.