Improper Access Control in Bugzilla Attachments
CVE-2012-4197
Currently unrated
What is CVE-2012-4197?
The issue is in Bugzilla's attachment handling: the Attachment.pm component allows remote attackers to abuse a flaw in the attachment.cgi script. By supplying an obsolete=1 parameter during the insert action, an attacker can read the descriptions of attachments linked to private bugs without authorization. The flaw affects a range of Bugzilla versions, can leak information, and requires immediate attention to protect systems against unauthorized data exposure.