2.1

CVE-2011-2977

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files.  NOTE: this issue exists because of a regression in 3.6.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version3.6.0
   MicrosoftWindows
MozillaBugzilla Version3.6.1
   MicrosoftWindows
MozillaBugzilla Version3.6.2
   MicrosoftWindows
MozillaBugzilla Version3.6.3
   MicrosoftWindows
MozillaBugzilla Version3.6.4
   MicrosoftWindows
MozillaBugzilla Version3.6.5
   MicrosoftWindows
MozillaBugzilla Version3.7
   MicrosoftWindows
MozillaBugzilla Version3.7.1
   MicrosoftWindows
MozillaBugzilla Version3.7.2
   MicrosoftWindows
MozillaBugzilla Version3.7.3
   MicrosoftWindows
MozillaBugzilla Version4.0
   MicrosoftWindows
MozillaBugzilla Version4.0 Updaterc1
   MicrosoftWindows
MozillaBugzilla Version4.0 Updaterc2
   MicrosoftWindows
MozillaBugzilla Version4.0.1
   MicrosoftWindows
MozillaBugzilla Version4.1
   MicrosoftWindows
MozillaBugzilla Version4.1.1
   MicrosoftWindows
MozillaBugzilla Version4.1.2
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.175
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N