CVE-2012-4198

Related Files

Mandriva Linux Security Advisory 2013-066

Posted Apr 8, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-066 - The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. Various other issues were also addressed.

tags | advisory, remote

systems | linux, mandriva

advisories | CVE-2012-1969, CVE-2012-3981, CVE-2012-4189, CVE-2012-4197, CVE-2012-4198, CVE-2012-4199, CVE-2012-5883, CVE-2013-0785, CVE-2013-0786

SHA-256 | e6cfe4b2630782972753b045d1d3e894e084dfcfd1de0180473c8bbad6ad3f7d

Download | Favorite | View

Bugzilla Information Leak / Cross Site Scripting

Posted Nov 15, 2012

Authored by Frederic Buclin, Mateusz Goik, Gervase Markham, David Lawrence | Site bugzilla.org

Bugzilla suffers from multiple information leak and cross site scripting vulnerabilities. Various versions ranging from 2.x through 4.x are affected.

tags | advisory, vulnerability, xss, info disclosure

advisories | CVE-2012-4199, CVE-2012-4198, CVE-2012-4189, CVE-2012-4197, CVE-2012-5475

SHA-256 | 21672967035df2502939f68c6fb93cd188b821430fff628d2e01c963fba9c035

Download | Favorite | View