CVE Vulnerabilities

CVE-2011-2979

Published: Aug 09, 2011 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 4.1 (including) 4.1 (including)
Bugzilla Mozilla 4.1.1 (including) 4.1.1 (including)
Bugzilla Mozilla 4.1.2 (including) 4.1.2 (including)
Bugzilla Ubuntu upstream *

References