2.1

CVE-2011-2977

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files.  NOTE: this issue exists because of a regression in 3.6.

Data is provided by the National Vulnerability Database (NVD)
MozillaBugzilla Version3.6.0
   MicrosoftWindows
MozillaBugzilla Version3.6.1
   MicrosoftWindows
MozillaBugzilla Version3.6.2
   MicrosoftWindows
MozillaBugzilla Version3.6.3
   MicrosoftWindows
MozillaBugzilla Version3.6.4
   MicrosoftWindows
MozillaBugzilla Version3.6.5
   MicrosoftWindows
MozillaBugzilla Version3.7
   MicrosoftWindows
MozillaBugzilla Version3.7.1
   MicrosoftWindows
MozillaBugzilla Version3.7.2
   MicrosoftWindows
MozillaBugzilla Version3.7.3
   MicrosoftWindows
MozillaBugzilla Version4.0
   MicrosoftWindows
MozillaBugzilla Version4.0 Updaterc1
   MicrosoftWindows
MozillaBugzilla Version4.0 Updaterc2
   MicrosoftWindows
MozillaBugzilla Version4.0.1
   MicrosoftWindows
MozillaBugzilla Version4.1
   MicrosoftWindows
MozillaBugzilla Version4.1.1
   MicrosoftWindows
MozillaBugzilla Version4.1.2
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.175
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N