FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-3387

This CVE name corresponds to:

Entered Topic
2010-02-01 bugzilla -- information leak

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-3387 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-3387
Phase Assigned(20090924)

Description

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

References

Source Reference
BUGTRAQ 20100201 Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=532493
BID 38026
SECUNIA 38443
VUPEN ADV-2010-0261
XF bugzilla-group-restriction-info-disclosure(56004)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.