Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-09-04T10:00:00Z

Updated: 2024-09-17T00:47:04.035Z

Reserved: 2012-09-03T00:00:00Z

Link: CVE-2012-4747

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-09-04T11:04:50.357

Modified: 2024-11-21T01:43:27.397

Link: CVE-2012-4747

cve-icon Redhat

No data.