PT-2012-6165 · Mozilla · Bugzilla

Published

2012-11-16

Updated

2017-08-29

CVE-2012-5884

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bugzilla version 4.3.2

Description The issue allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request. This is due to a problem in the User.get method in Bugzilla/WebService/User.pm.

Recommendations For Bugzilla version 4.3.2, consider restricting access to the User.get method until a patch is available. As a temporary workaround, avoid using the User.get method in XMLRPC or JSONRPC requests to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-5884

Affected Products

Bugzilla

PT-2012-6165 · Mozilla · Bugzilla

CVE-2012-5884

Weakness Enumeration

Related Identifiers

Affected Products

References · 5