Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bugzilla ‘get_attachment_link’函数信息泄露漏洞
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla 2.x版本、3.6.10之前的3.x版本、3.7.x版本,4.0.7之前的4.0.x版本, 4.1.x版本,4.2.2之前的4.2.x版本及4.3.2之前的4.3.x版本中的Template.pm中的get_attachment_link函数中存在漏洞,该漏洞源于提交公开评论的附件描述之前未校验附件是否是私有的。远程攻
CVSS Information
N/A
Vulnerability Type
N/A