CVE-2005-3139

Опубликовано: 05 окт. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

Ссылки

http://marc.info/?l=bugtraq&m=112818466125484&w=2
http://secunia.com/advisories/17030/
Patch
Vendor Advisory
http://www.bugzilla.org/security/2.18.4/
Patch
Vendor Advisory
http://www.securityfocus.com/bid/14996
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/42799
http://marc.info/?l=bugtraq&m=112818466125484&w=2
http://secunia.com/advisories/17030/
Patch
Vendor Advisory
http://www.bugzilla.org/security/2.18.4/
Patch
Vendor Advisory
http://www.securityfocus.com/bid/14996
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/42799

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00593

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2005-3139

ubuntu

больше 20 лет назад

CVE-2005-3139

debian

больше 20 лет назад

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...

GHSA-p755-fv54-jvjv

github

почти 4 года назад

EPSS

Процентиль: 69%

0.00593

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other