29547 : Bugzilla XML Format Deadline Field Disclosure
Printer | http://osvdb.org/29547 | Email This | Edit Vulnerability

Views This Week

Views All Time

145

Info

Last Modified

8 months ago

Percent Complete

100%

Disclosure

Oct 15, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Bugzilla contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when viewing a bug in XML format, which will disclose the deadline even to those not part of the "timetrackinggroup" resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 2.18.6, 2.20.3, 2.22.1, or 2.23.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Bugzilla	2.18.5
		2.20.2
		2.22
		2.23.2

References

CVE ID: 2006-5454 (see also: NVD)
Secunia Advisory ID: 22409 22790
Related OSVDB ID: 29544 29545 29546 29548 29549
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0242.html
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-04.xml
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=346564

Tools & Filters

Nessus	23669

Credit

Frédéric Buclin -
Josh "timeless" Soref -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Bugzilla

References

Tools & Filters

Credit

Blogs

Comments