Description
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-1571
- https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
- http://advisories.mageia.org/MGASA-2014-0412.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html
- http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html
- http://www.bugzilla.org/security/4.0.14
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:200
- http://www.securitytracker.com/id/1030978
Related vulnerabilities
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.1 ...