Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Bugzilla 'Install/Filesystem.pm'信息泄露漏洞
Vulnerability Description
Bugzilla 3.5.1至3.6,3.7版本中的Install/Filesystem.pm存在信息泄露漏洞。当使用use_suexec时,将本地配置文件设置为全域可读,本地用户就可以读取敏感配置文件,如数据库密码字段和site_wide_secret字段。
CVSS Information
N/A
Vulnerability Type
N/A