Описание
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 2.20-1 |
| devel | not-affected | 3.2.5.1-3 |
| hardy | not-affected | 2.22.1-2.2ubuntu1.8.04.1 |
| jaunty | not-affected | 3.2.0.1-1 |
| karmic | not-affected | 3.2.4.0-3ubuntu1 |
| lucid | not-affected | 3.2.5.1-2 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
1.9 Low
CVSS2
Связанные уязвимости
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
1.9 Low
CVSS2