FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- product name information leak

Affected packages
3.3.4 < bugzilla < 3.4.1

Details

VuXML ID d67b517d-8214-11de-88ea-001a4d49522b
Discovery 2009-07-30
Entry 2009-08-05

A Bugzilla Security Advisory reports:

Normally, users are only supposed to see products that they can file bugs against in the "Product" drop-down on the bug-editing page. Instead, users were being shown all products, even those that they normally could not see. Any user who could edit any bug could see all product names.

[source]

References

URL http://www.bugzilla.org/security/3.4/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.