FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- product name information leak

Affected packages
3.3.4 < bugzilla < 3.4.1


VuXML ID d67b517d-8214-11de-88ea-001a4d49522b
Discovery 2009-07-30
Entry 2009-08-05

A Bugzilla Security Advisory reports:

Normally, users are only supposed to see products that they can file bugs against in the "Product" drop-down on the bug-editing page. Instead, users were being shown all products, even those that they normally could not see. Any user who could edit any bug could see all product names.