CVE-2009-3387

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.3.1 through 3.4.4 Bugzilla version 3.5.1 Bugzilla version 3.5.2

Description The issue allows remote attackers to obtain sensitive information via a request for a bug in certain circumstances, due to the failure to preserve group restrictions when moving a bug to a different product category.

Recommendations For Bugzilla versions 3.3.1 through 3.4.4, update the bug moving process to preserve group restrictions. For Bugzilla version 3.5.1, modify the bug moving functionality to maintain group restrictions. For Bugzilla version 3.5.2, adjust the product category change process to retain group restrictions.