Page 10 of 48 results (0.006 seconds)

CVSS: 1.9EPSS: 0%CPEs: 5EXPL: 0

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. Install/Filesystem.pm en Bugzilla v3.5.1 hasta v3.6 y v3.7, cuando está activo use_suexec, usa permisos "world-readable" para los ficheros de configuración local, lo que permite a usuarios locales leer información sensible de los campos de configuración, como se demostró por el campo password de la base de datos y el campo site_wide_secret. • http://secunia.com/advisories/40300 http://www.bugzilla.org/security/3.2.6 http://www.securityfocus.com/bid/41144 http://www.vupen.com/english/advisories/2010/1595 https://bugzilla.mozilla.org/show_bug.cgi?id=561797 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances. Bugzilla desde v3.3.1 hasta v3.4.4, v3.5.1, y v3.5.2 no permite que se mantengan las restricciones de grupo durante el proceso de traslado de un bug a otra categoría de producto, lo que permite a atacantes remotos conseguir información sensible a través de una petición para un bug en determinadas circunstancias. • http://secunia.com/advisories/38443 http://www.securityfocus.com/archive/1/509282/100/0/threaded http://www.securityfocus.com/bid/38026 http://www.vupen.com/english/advisories/2010/0261 https://bugzilla.mozilla.org/show_bug.cgi?id=532493 https://exchange.xforce.ibmcloud.com/vulnerabilities/56004 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 85EXPL: 0

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. Bugzilla anteriores a v3.0.11, v3.2.x anteriores a v3.2.6, v3.4.x anteriores a v3.4.5, y v3.5.x anteriores a v3.5.3 no bloquea el acceso a ficheros y directorios que son utilizados en instalaciones personalizadas, lo que permite a atacantes remotos conseguir información sensible a través de peticiones para (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. • http://secunia.com/advisories/38443 http://www.securityfocus.com/archive/1/509282/100/0/threaded http://www.securityfocus.com/bid/38025 http://www.vupen.com/english/advisories/2010/0261 https://bugzilla.mozilla.org/show_bug.cgi?id=314871 https://bugzilla.mozilla.org/show_bug.cgi?id=434801 https://exchange.xforce.ibmcloud.com/vulnerabilities/56003 • CWE-264: Permissions, Privileges, and Access Controls •