ID CVE-2005-3139
Summary Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 14996
bugtraq 20051001 Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21
confirm http://www.bugzilla.org/security/2.18.4/
secunia 17030
xf bugzilla-usevisibilitygroup-info-disclosure(42799)
Last major update 11-07-2017 - 01:33
Published 05-10-2005 - 21:02
Last modified 11-07-2017 - 01:33