← back
CVE-2012-1969

CVE-2012-1969

EPSS 1.6%
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=777586http://secunia.com/advisories/50040http://www.bugzilla.org/security/3.6.9/http://www.mandriva.com/security/advisories?name=MDVSA-2013:066