Information Disclosure in Bugzilla Affects Multiple Versions
CVE-2012-4198

Currently unrated

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
16 November 2012

What is CVE-2012-4198?

A vulnerability in the User.get method of Bugzilla's WebService module could allow remote authenticated users to infer the existence of private group names. This occurs as the method's response varies based on group existence, which means that if a non-existent group is requested, the system may throw an error, while valid groups do not generate such feedback. This differential response can inadvertently expose sensitive details to users who should not have access to them.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
x_refsource_CONFIRM
http://www.bugzilla.org/security/3.6.11/
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.