CVE-2010-3764

Bugzilla 2.12-3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1 - Information Exposure via Predictable Graph File Names

Title source: llm
STIX 2.1

Description

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62969
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2878
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024683
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2975
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.2.8/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42271
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=419014

Scores

EPSS 0.0239
EPSS Percentile 82.0%

Details

CWE
CWE-200
Status published
Products (45)
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.9
mozilla/bugzilla 2.12
mozilla/bugzilla 2.14
mozilla/bugzilla 2.14.1
mozilla/bugzilla 2.14.2
mozilla/bugzilla 2.14.3
... and 35 more
Published Nov 05, 2010
Tracked Since Feb 18, 2026