CVE-2005-3139

Sažetak

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

Reference

http://marc.info/?l=bugtraq&m=112818466125484&w=2
http://secunia.com/advisories/17030/
http://www.bugzilla.org/security/2.18.4/
http://www.securityfocus.com/bid/14996
https://exchange.xforce.ibmcloud.com/vulnerabilities/42799

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

05-10-2005 - 21:02