CVE-2012-4197
Bugzilla < 3.6.12, 4.0.9, 4.2.4, 4.4rc1 - Unauthenticated Sensitive Information Exposure
Title source: llmDescription
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.
References (4)
Core 4
Core References
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80032
Issue Tracking x_refsource_confirm
http://www.bugzilla.org/security/3.6.11/
Scores
EPSS
0.0154
EPSS Percentile
72.0%
Details
CWE
CWE-200
Status
published
Products (45)
mozilla/bugzilla
2.0
mozilla/bugzilla
2.2
mozilla/bugzilla
2.4
mozilla/bugzilla
2.6
mozilla/bugzilla
2.8
mozilla/bugzilla
2.9
mozilla/bugzilla
2.10
mozilla/bugzilla
2.12
mozilla/bugzilla
2.14
mozilla/bugzilla
2.14.1
... and 35 more
Published
Nov 16, 2012
Tracked Since
Feb 18, 2026