CVE-2012-1969

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.x through 3.6.9 Bugzilla versions 3.7.x Bugzilla versions 4.0.x through 4.0.6 Bugzilla versions 4.1.x through 4.2.1 Bugzilla versions 4.3.x through 4.3.1

Description The issue concerns the get attachment link function in Template.pm, which fails to check if an attachment is private before displaying its description in a public comment. This allows remote attackers to obtain sensitive information by reading a comment.

Recommendations For Bugzilla versions 2.x through 3.6.9, update to version 3.6.10 or later. For Bugzilla versions 3.7.x, update to a version outside of the 3.7.x range, such as 4.0.7 or later. For Bugzilla versions 4.0.x through 4.0.6, update to version 4.0.7 or later. For Bugzilla versions 4.1.x through 4.2.1, update to version 4.2.2 or later. For Bugzilla versions 4.3.x through 4.3.1, update to version 4.3.2 or later.