Wicked

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.17.1 through 3.2.6 Bugzilla versions 3.3.1 through 3.4.6 Bugzilla versions 3.5.1 through 3.6 Bugzilla version 3.7 **Description** The issue allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search" in the Search.pm module. **Recommendations** For Bugzilla versions 2.17.1 through 3.2.6, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.3.1 through 3.4.6, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.5.1 through 3.6, update to a version outside of this range to resolve the issue. For Bugzilla version 3.7, update to a version later than 3.7 to resolve the issue.