5

CVE-2009-3386

Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version3.3.2
MozillaBugzilla Version3.3.3
MozillaBugzilla Version3.3.4
MozillaBugzilla Version3.4
MozillaBugzilla Version3.4 Updaterc1
MozillaBugzilla Version3.4.1
MozillaBugzilla Version3.4.2
MozillaBugzilla Version3.4.3
MozillaBugzilla Version3.5
MozillaBugzilla Version3.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.73% 0.746
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://osvdb.org/60271
http://secunia.com/advisories/37423
Vendor Advisory
http://www.bugzilla.org/security/3.4.3/
Patch
Vendor Advisory
http://www.securityfocus.com/bid/37062
Patch
http://www.vupen.com/english/advisories/2009/3288
Patch
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=529416
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54332