CVE-2010-3764
Bugzilla 2.12-3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1 - Information Exposure via Predictable Graph File Names
Title source: llmDescription
The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62969
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2878
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024683
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2975
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.2.8/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42271
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=419014
Scores
EPSS
0.0239
EPSS Percentile
82.0%
Details
CWE
CWE-200
Status
published
Products (45)
mozilla/bugzilla
2.2
mozilla/bugzilla
2.4
mozilla/bugzilla
2.6
mozilla/bugzilla
2.8
mozilla/bugzilla
2.9
mozilla/bugzilla
2.12
mozilla/bugzilla
2.14
mozilla/bugzilla
2.14.1
mozilla/bugzilla
2.14.2
mozilla/bugzilla
2.14.3
... and 35 more
Published
Nov 05, 2010
Tracked Since
Feb 18, 2026