|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Bugzilla contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when the user is prompted to log in while attempting to view a chart. The user's password can be embedded as part of a report URL, and thus visible in the web server logs, which may lead to a loss of confidentiality.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 2.18.1 or higher, or 2.19.3 or higher, as these versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Bugzilla
 |
2.17.1 |
2.19.1 |
2.18 |
2.19.2 |
2.18.1 |
2.19.3 |
|
|
|
|
|
|
Credit |
- Roman Pszonka -
- Gervase Markham -
- Frédéric Buclin -
- Myk Melez -
- Joel Peshkin - bugreport
peshkin.net -
- Marc Schumann -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|