Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Bugzilla多个认证绕过和信息泄露漏洞
Vulnerability Description
Bugzilla 2.17.1版本到2.18rc2版本以及来自cvs的2.19版本当使用insidergroup功能时,不能在有元字符(例如:文件名、说明、MIME类型或审查标记)变化时充分地保护私人附件,远程已认证用户可以在(1)查看漏洞活动日志或者(2)查看漏洞变化通告邮件时获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A