Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-08-09T19:00:00

Updated: 2024-08-06T23:15:32.119Z

Reserved: 2011-08-01T00:00:00

Link: CVE-2011-2977

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-08-09T19:55:01.607

Modified: 2024-11-21T01:29:23.487

Link: CVE-2011-2977

cve-icon Redhat

No data.