← back
CVE-2012-4197

CVE-2012-4197

EPSS 1.5%
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=802204https://exchange.xforce.ibmcloud.com/vulnerabilities/80032http://www.bugzilla.org/security/3.6.11/http://www.mandriva.com/security/advisories?name=MDVSA-2013:066