Описание
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 2.20-1 |
| devel | not-affected | 3.2.5.1-3 |
| hardy | not-affected | 2.22.1-2.2ubuntu1.8.04.1 |
| jaunty | not-affected | 3.2.0.1-1 |
| karmic | not-affected | 3.2.4.0-3ubuntu1 |
| lucid | not-affected | 3.2.5.1-2 |
| upstream | released | 3.8 |
Показывать по
Ссылки на источники
EPSS
1.9 Low
CVSS2
Связанные уязвимости
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_ ...
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.
EPSS
1.9 Low
CVSS2