CVE Vulnerabilities

CVE-2010-0180

Published: Jun 28, 2010 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

Affected Software 

Name Vendor Start Version End Version
Bugzilla Mozilla 3.5.1 (including) 3.5.1 (including)
Bugzilla Mozilla 3.5.2 (including) 3.5.2 (including)
Bugzilla Mozilla 3.5.3 (including) 3.5.3 (including)
Bugzilla Mozilla 3.6 (including) 3.6 (including)
Bugzilla Mozilla 3.7 (including) 3.7 (including)
Bugzilla Ubuntu upstream *

References