Information Disclosure Flaw in Bugzilla by Mozilla
CVE-2014-1571

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 13 October 2014

What is CVE-2014-1571?

Bugzilla versions 2.x through 4.x prior to their respective fixed versions contain a security flaw that allows remote authenticated users to access sensitive private-comment data. By leveraging specific roles associated with flagging comments, unauthorized individuals can exploit this flaw to obtain confidential information. This vulnerability affects multiple versions of Bugzilla, making it crucial for users to update to the latest releases to mitigate this risk.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1064140

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://packetstormsecurity.com/files/128578/Bugzilla-Acco...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2014
Vulnerability Reserved
Jan 16, 2014