Information Disclosure Vulnerability in Bugzilla Attachment Descriptions

CVE-2012-4197 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.
