Information Disclosure Vulnerability in Bugzilla

Information Disclosure Vulnerability in Bugzilla

CVE-2011-2380 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing.

Learn more about our Web Application Penetration Testing UK.