CVE-2011-2380
Bugzilla Multiple Versions - Private Group Name Exposure via Bug Creation or Editing
Title source: llmDescription
Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/74298
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45501
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69034
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.4.11/
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=653477
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/74299
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2322
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49042
Scores
EPSS
0.0177
EPSS Percentile
75.4%
Details
CWE
CWE-200
Status
published
Products (46)
mozilla/bugzilla
2.22.7
mozilla/bugzilla
2.23
mozilla/bugzilla
2.23.1
mozilla/bugzilla
2.23.2
mozilla/bugzilla
2.23.3
mozilla/bugzilla
3.4 (2 CPE variants)
mozilla/bugzilla
3.4.1
mozilla/bugzilla
3.4.2
mozilla/bugzilla
3.4.3
mozilla/bugzilla
3.4.4
... and 36 more
Published
Aug 09, 2011
Tracked Since
Feb 18, 2026