CVE-2008-7292

Bugzilla <2.20.5, <2.22.3, <3.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.

References (2)

Core 2
Core References
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=414002

Scores

EPSS 0.0038
EPSS Percentile 30.5%

Details

CWE
CWE-200
Status published
Products (12)
mozilla/bugzilla 2.20
mozilla/bugzilla 2.20.1
mozilla/bugzilla 2.20.2
mozilla/bugzilla 2.20.3
mozilla/bugzilla 2.20.4
mozilla/bugzilla 2.22
mozilla/bugzilla 2.22.1
mozilla/bugzilla 2.22.2
mozilla/bugzilla 3.0
mozilla/bugzilla 3.0.0
... and 2 more
Published Aug 09, 2011
Tracked Since Feb 18, 2026