Security Advisory

CVE-2012-1969

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-07-28 18:00:00
Last updated 2024-08-06 19:17:27
Assigner mitre
State PUBLISHED

Description

The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.