Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugzilla | Mozilla | 2.0 (including) | 2.0 (including) |
Bugzilla | Mozilla | 2.2 (including) | 2.2 (including) |
Bugzilla | Mozilla | 2.4 (including) | 2.4 (including) |
Bugzilla | Mozilla | 2.6 (including) | 2.6 (including) |
Bugzilla | Mozilla | 2.8 (including) | 2.8 (including) |
Bugzilla | Mozilla | 2.9 (including) | 2.9 (including) |
Bugzilla | Mozilla | 2.10 (including) | 2.10 (including) |
Bugzilla | Mozilla | 2.12 (including) | 2.12 (including) |
Bugzilla | Mozilla | 2.14 (including) | 2.14 (including) |
Bugzilla | Mozilla | 2.14.1 (including) | 2.14.1 (including) |
Bugzilla | Mozilla | 2.14.2 (including) | 2.14.2 (including) |
Bugzilla | Mozilla | 2.14.3 (including) | 2.14.3 (including) |
Bugzilla | Mozilla | 2.14.4 (including) | 2.14.4 (including) |
Bugzilla | Mozilla | 2.14.5 (including) | 2.14.5 (including) |
Bugzilla | Mozilla | 2.16 (including) | 2.16 (including) |
Bugzilla | Mozilla | 2.16-rc1 (including) | 2.16-rc1 (including) |
Bugzilla | Mozilla | 2.16-rc2 (including) | 2.16-rc2 (including) |
Bugzilla | Mozilla | 2.16.1 (including) | 2.16.1 (including) |
Bugzilla | Mozilla | 2.16.2 (including) | 2.16.2 (including) |
Bugzilla | Mozilla | 2.16.3 (including) | 2.16.3 (including) |
Bugzilla | Mozilla | 2.16.4 (including) | 2.16.4 (including) |
Bugzilla | Mozilla | 2.16.5 (including) | 2.16.5 (including) |
Bugzilla | Mozilla | 2.16.6 (including) | 2.16.6 (including) |
Bugzilla | Mozilla | 2.16.7 (including) | 2.16.7 (including) |
Bugzilla | Mozilla | 2.16.8 (including) | 2.16.8 (including) |
Bugzilla | Mozilla | 2.16.9 (including) | 2.16.9 (including) |
Bugzilla | Mozilla | 2.16.10 (including) | 2.16.10 (including) |
Bugzilla | Mozilla | 2.16.11 (including) | 2.16.11 (including) |
Bugzilla | Mozilla | 2.17 (including) | 2.17 (including) |
Bugzilla | Mozilla | 2.17.1 (including) | 2.17.1 (including) |
Bugzilla | Mozilla | 2.17.2 (including) | 2.17.2 (including) |
Bugzilla | Mozilla | 2.17.3 (including) | 2.17.3 (including) |
Bugzilla | Mozilla | 2.17.4 (including) | 2.17.4 (including) |
Bugzilla | Mozilla | 2.17.5 (including) | 2.17.5 (including) |
Bugzilla | Mozilla | 2.17.6 (including) | 2.17.6 (including) |
Bugzilla | Mozilla | 2.17.7 (including) | 2.17.7 (including) |
Bugzilla | Mozilla | 2.18 (including) | 2.18 (including) |
Bugzilla | Mozilla | 2.18-rc1 (including) | 2.18-rc1 (including) |
Bugzilla | Mozilla | 2.18-rc2 (including) | 2.18-rc2 (including) |
Bugzilla | Mozilla | 2.18-rc3 (including) | 2.18-rc3 (including) |
Bugzilla | Mozilla | 2.18.1 (including) | 2.18.1 (including) |
Bugzilla | Mozilla | 2.18.2 (including) | 2.18.2 (including) |
Bugzilla | Mozilla | 2.18.3 (including) | 2.18.3 (including) |
Bugzilla | Mozilla | 2.18.4 (including) | 2.18.4 (including) |
Bugzilla | Mozilla | 2.18.5 (including) | 2.18.5 (including) |
Bugzilla | Mozilla | 2.18.6 (including) | 2.18.6 (including) |
Bugzilla | Mozilla | 2.18.6+ (including) | 2.18.6+ (including) |
Bugzilla | Mozilla | 2.18.7 (including) | 2.18.7 (including) |
Bugzilla | Mozilla | 2.18.8 (including) | 2.18.8 (including) |
Bugzilla | Mozilla | 2.18.9 (including) | 2.18.9 (including) |
Bugzilla | Mozilla | 2.19 (including) | 2.19 (including) |
Bugzilla | Mozilla | 2.19.1 (including) | 2.19.1 (including) |
Bugzilla | Mozilla | 2.19.2 (including) | 2.19.2 (including) |
Bugzilla | Mozilla | 2.19.3 (including) | 2.19.3 (including) |
Bugzilla | Mozilla | 2.20 (including) | 2.20 (including) |
Bugzilla | Mozilla | 2.20-rc1 (including) | 2.20-rc1 (including) |
Bugzilla | Mozilla | 2.20-rc2 (including) | 2.20-rc2 (including) |
Bugzilla | Mozilla | 2.20.1 (including) | 2.20.1 (including) |
Bugzilla | Mozilla | 2.20.2 (including) | 2.20.2 (including) |
Bugzilla | Mozilla | 2.20.3 (including) | 2.20.3 (including) |
Bugzilla | Mozilla | 2.20.4 (including) | 2.20.4 (including) |
Bugzilla | Mozilla | 2.20.5 (including) | 2.20.5 (including) |
Bugzilla | Mozilla | 2.20.6 (including) | 2.20.6 (including) |
Bugzilla | Mozilla | 2.20.7 (including) | 2.20.7 (including) |
Bugzilla | Mozilla | 2.21 (including) | 2.21 (including) |
Bugzilla | Mozilla | 2.21.1 (including) | 2.21.1 (including) |
Bugzilla | Mozilla | 2.21.2 (including) | 2.21.2 (including) |
Bugzilla | Mozilla | 2.21.2-rc1 (including) | 2.21.2-rc1 (including) |
Bugzilla | Mozilla | 2.22 (including) | 2.22 (including) |
Bugzilla | Mozilla | 2.22-rc1 (including) | 2.22-rc1 (including) |
Bugzilla | Mozilla | 2.22.1 (including) | 2.22.1 (including) |
Bugzilla | Mozilla | 2.22.2 (including) | 2.22.2 (including) |
Bugzilla | Mozilla | 2.22.3 (including) | 2.22.3 (including) |
Bugzilla | Mozilla | 2.22.4 (including) | 2.22.4 (including) |
Bugzilla | Mozilla | 2.22.5 (including) | 2.22.5 (including) |
Bugzilla | Mozilla | 2.22.6 (including) | 2.22.6 (including) |
Bugzilla | Mozilla | 2.22.7 (including) | 2.22.7 (including) |
Bugzilla | Mozilla | 2.23 (including) | 2.23 (including) |
Bugzilla | Mozilla | 2.23.1 (including) | 2.23.1 (including) |
Bugzilla | Mozilla | 2.23.2 (including) | 2.23.2 (including) |
Bugzilla | Mozilla | 2.23.3 (including) | 2.23.3 (including) |
Bugzilla | Mozilla | 2.23.4 (including) | 2.23.4 (including) |
Bugzilla | Ubuntu | hardy | * |
Bugzilla | Ubuntu | lucid | * |
Bugzilla | Ubuntu | natty | * |
Bugzilla | Ubuntu | oneiric | * |