CVE-2012-4747

Bugzilla 2.x-4.3.2 - Unauthenticated Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.10/

Scores

EPSS 0.0166
EPSS Percentile 74.0%

Details

CWE
CWE-264
Status published
Products (45)
mozilla/bugzilla 2.0
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.9
mozilla/bugzilla 2.10
mozilla/bugzilla 2.12
mozilla/bugzilla 2.14
mozilla/bugzilla 2.14.1
... and 35 more
Published Sep 04, 2012
Tracked Since Feb 18, 2026