CVE-2018-5123

HIGH

Bugzilla <4.4 - Info Disclosure

Title source: llm

Description

A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.

References (1)

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-5123

Scores

CVSS v3 8.8

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352

Status published

Affected Products (1)

mozilla/bugzilla < 4.4

Timeline

Published Apr 29, 2019

Tracked Since Feb 18, 2026