CVE-2012-1968

high

Description

Bugzilla 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2, use bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=777398

http://www.bugzilla.org/security/3.6.9/

http://secunia.com/advisories/50040

Details

Source: Mitre, NVD

Published: 2012-07-30

Updated: 2013-10-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High