CVE-2014-1571

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 13 October 2014

Summary

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1064140

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://packetstormsecurity.com/files/128578/Bugzilla-Acco...

x_refsource_MISC

Timeline

Vulnerability published
Oct 13, 2014
Vulnerability Reserved
Jan 16, 2014