CVE-2011-2380

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.22.7 through 2.23.3 Bugzilla versions 3.0.x through 3.3.x Bugzilla versions 3.4.x before 3.4.12 Bugzilla versions 3.5.x Bugzilla versions 3.6.x before 3.6.6 Bugzilla versions 3.7.x Bugzilla versions 4.0.x before 4.0.2 Bugzilla versions 4.1.x before 4.1.3

Description The issue allows remote attackers to determine the existence of private group names via a crafted parameter during bug creation or bug editing.

Recommendations For versions 2.22.7 through 2.23.3, update to a version outside of this range to resolve the issue. For versions 3.0.x through 3.3.x, update to a version outside of this range to resolve the issue. For versions 3.4.x before 3.4.12, update to version 3.4.12 or later to resolve the issue. For versions 3.5.x, update to a version outside of this range to resolve the issue. For versions 3.6.x before 3.6.6, update to version 3.6.6 or later to resolve the issue. For versions 3.7.x, update to a version outside of this range to resolve the issue. For versions 4.0.x before 4.0.2, update to version 4.0.2 or later to resolve the issue. For versions 4.1.x before 4.1.3, update to version 4.1.3 or later to resolve the issue.