CVE Vulnerabilities

CVE-2010-2470

Published: Jun 28, 2010 | Modified: Jun 29, 2010
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 3.5.1 3.5.1
Bugzilla Mozilla 3.5.2 3.5.2
Bugzilla Mozilla 3.5.3 3.5.3
Bugzilla Mozilla 3.6 3.6
Bugzilla Mozilla 3.6 3.6
Bugzilla Mozilla 3.6.1 3.6.1
Bugzilla Mozilla 3.7 3.7
Bugzilla Mozilla 3.7.1 3.7.1

References