Vulnerability Name: | CVE-2005-3139 (CCN-42799)
Assigned: | 2005-10-05
Published: | 2005-10-05
Updated: | 2017-07-11
Summary: | Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
 | 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
 | 1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Obtain Information
References: |
Source: CCN Type: BugTraq Mailing List, Fri Sep 30 2005 - 20:18:45 CDT Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.2
Source: MITRE Type: CNA CVE-2005-3139
Source: BUGTRAQ Type: UNKNOWN 20051001 Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21
Source: CCN Type: SA17030 Bugzilla Two Information Disclosure Security Issues
Source: SECUNIA Type: Patch, Vendor Advisory 17030
Source: CCN Type: Bugzilla Web site Bugzilla Project - Download
Source: CONFIRM Type: Patch, Vendor Advisory http://www.bugzilla.org/security/2.18.4/
Source: CCN Type: OSVDB ID: 19812 Bugzilla usevisibilitygroups Setting User Matching Bypass
Source: BID Type: Patch 14996
Source: CCN Type: BID-14996 Bugzilla User-Matching Information Disclosure Vulnerability
Source: XF Type: UNKNOWN bugzilla-usevisibilitygroup-info-disclosure(42799)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: