CVE-2011-2977

Name of the Vulnerable Software and Affected Versions Bugzilla versions 3.6.x through 3.6.5 Bugzilla versions 3.7.x Bugzilla versions 4.0.x through 4.0.1 Bugzilla versions 4.1.x through 4.1.2

Description The issue allows local users to obtain sensitive information by reading temporary files associated with uploaded attachments, which are not deleted. This problem exists due to a regression in version 3.6.

Recommendations For versions 3.6.x through 3.6.5, update to version 3.6.6 or later. For versions 3.7.x, update to a version that fixes this issue, as no specific fixed version is provided for this branch. For versions 4.0.x through 4.0.1, update to version 4.0.2 or later. For versions 4.1.x through 4.1.2, update to version 4.1.3 or later.