Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-08-09T19:00:00
Updated: 2024-08-06T23:22:26.084Z
Reserved: 2011-08-01T00:00:00
Link: CVE-2011-2979
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-08-09T19:55:01.683
Modified: 2024-11-21T01:29:23.803
Link: CVE-2011-2979
Redhat
No data.