Security Advisory

CVE-2010-0180

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-06-28 17:00:00

Last updated 2024-09-16 18:03:10

Assigner mitre

State PUBLISHED

Description

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

← Browse all CVEs View on cve.org ↗