Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Bugzilla恶意代码执行漏洞
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla 4.1.3之前的4.1.x版本根据组名称是否有效为某些代理查询生成了不同的响应。通常组名是机密的,只对组成员可见。在创建或编辑bug时通过构建URL,可以猜测组是否退出,即使是没有在bug中使用的组。远程攻击者可借助自定义搜索确定私人组名称的存在。
CVSS Information
N/A
Vulnerability Type
N/A