Bugzilla < 2.19.3 Information Disclosure

Nessus Network Monitor Plugin ID 2900 (Severity: Low)

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote server is running Bugzilla, a bug tracking system. A flaw in the remote installation of Bugzilla may allow an attacker to obtain sensitive information. Specifically, if a user generates a report prior to authentication, the user ID and password will be embedded within the report. An attacker exploiting this flaw would be able to harvest user IDs and passwords from generated reports.

Solution

Upgrade to version 2.19.3 or higher.

See Also

http://www.bugzilla.org/security/2.16.8

Plugin Details

Severity: Low

ID: 2900

Family: CGI

Published: 5/12/2005

Updated: 3/6/2019

Nessus ID: 18245

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.1

Temporal Score: 3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:bugzilla

Reference Information

CVE: CVE-2005-1563, CVE-2005-1564, CVE-2005-1565

BID: 13605, 13606