PT-2005-2544 · Mozilla · Bugzilla

Roman +1 · Published 2005-05-12 · Updated 2016-10-18 · CVE-2005-1565

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bugzilla versions 2.17.1 through 2.18
Bugzilla version 2.19.1
Bugzilla version 2.19.2

Description

The issue allows local users to potentially gain sensitive information from web logs or browser history when a user is prompted to log in while attempting to view a chart, as the password is displayed in the URL.

Recommendations

For Bugzilla versions 2.17.1 through 2.18, consider restricting access to web logs and browser history to minimize the risk of exploitation.
For Bugzilla version 2.19.1, avoid using the password parameter in the affected login functionality until the issue is resolved.
For Bugzilla version 2.19.2, as a temporary workaround, consider disabling the chart viewing feature for unauthenticated users until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
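
Added example (not part of the advisory or of Bugzilla's code): a script that finds and redacts password parameters already written to web access logs, checking both the request line and the Referer field. The parameter name Bugzilla_password, the chart.cgi path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: Bugzilla_password is the login form field name; the advisory
# itself does not name the parameter. The other names are generic.
SENSITIVE = {"bugzilla_password", "password", "passwd", "pwd"}

# One query-string pair: delimiter, name, '=', value up to the next delimiter.
PAIR = re.compile(r'([?&;])([^=&;\s"]+)=([^&;\s"]*)')

def redact_line(line):
    """Return (redacted_line, names_of_redacted_parameters)."""
    hits = []
    def repl(m):
        delim, name, value = m.groups()
        # Decode the name so percent-encoded spellings are caught too.
        decoded = unquote_plus(name)
        if decoded.lower() in SENSITIVE and value:
            hits.append(decoded)
            return f"{delim}{name}=[REDACTED]"
        return m.group(0)
    return PAIR.sub(repl, line), hits

def scan(lines):
    """Redact every line; findings are (line_no, client_address, param_names)."""
    out, findings = [], []
    for n, line in enumerate(lines, 1):
        red, hits = redact_line(line)
        out.append(red)
        if hits:
            findings.append((n, line.split(" ", 1)[0], hits))
    return out, findings

# Constructed sample in Combined Log Format (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [12/May/2005:10:00:01 +0000] "GET /chart.cgi?category=A&Bugzilla_login=user%40example.com&Bugzilla_password=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [12/May/2005:10:00:09 +0000] "GET /show_bug.cgi?id=42 HTTP/1.1" 200 900 "http://bugs.example.com/chart.cgi?Bugzilla%5Fpassword=s3cret&x=1" "Mozilla/5.0 (X11; Linux)"',
    '192.0.2.12 - - [12/May/2005:10:00:15 +0000] "GET /index.cgi HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    redacted, findings = scan(SAMPLE)
    for line_no, client, names in findings:
        print(f"line {line_no}: {client} exposed {', '.join(names)}")
```

Each finding identifies an account whose password should be treated as exposed and reset, since redacting the log does not cover copies in browser history or log backups.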


Related Identifiers

CVE-2005-1565

Affected Products

Bugzilla