HTML E-mail Information Disclosure Vulnerability in Bugzilla

HTML E-mail Information Disclosure Vulnerability in Bugzilla

CVE-2012-1968 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.

Learn more about our Web Application Penetration Testing UK.