Information Exposure in Bugzilla by Mozilla
CVE-2018-5123

8.8 HIGH

Key Information:

Vendor: Mozilla
Status: Vendor
CVE Published: 29 April 2019

Summary

A flaw in the image generation feature of report.cgi in Bugzilla allows third-party websites to access sensitive information intended for restricted users. All versions before 4.4 are affected. Attackers could exploit this vulnerability to gain unauthorized access to bug entries and other data, potentially leading to privacy breaches.

Affected Version(s)

Bugzilla: All versions prior to Bugzilla 4.4

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
