CVE-2012-4747
Bugzilla 2.x-4.3.2 - Unauthenticated Sensitive Information Exposure
Title source: llmDescription
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.10/
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=785511
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
Scores
EPSS
0.0166
EPSS Percentile
74.0%
Details
CWE
CWE-264
Status
published
Products (45)
mozilla/bugzilla
2.0
mozilla/bugzilla
2.2
mozilla/bugzilla
2.4
mozilla/bugzilla
2.6
mozilla/bugzilla
2.8
mozilla/bugzilla
2.9
mozilla/bugzilla
2.10
mozilla/bugzilla
2.12
mozilla/bugzilla
2.14
mozilla/bugzilla
2.14.1
... and 35 more
Published
Sep 04, 2012
Tracked Since
Feb 18, 2026