CVE-2010-2756

medium

Description

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

References

https://bugzilla.redhat.com/show_bug.cgi?id=623423

https://bugzilla.mozilla.org/show_bug.cgi?id=417048

http://www.vupen.com/english/advisories/2010/2205

http://www.vupen.com/english/advisories/2010/2035

http://www.securityfocus.com/bid/42275

http://www.bugzilla.org/security/3.2.7/

http://secunia.com/advisories/41128

http://secunia.com/advisories/40892

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html

Details

Source: Mitre, NVD

Published: 2010-08-16

Updated: 2010-09-08

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium