Your submission was sent successfully! Close

CVE-2012-5884

Published: 16 November 2012

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.

Notes

AuthorNote
mdeslaur
only bugzilla 4.x
Priority

Medium

Status

Package Release Status
bugzilla
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable

oneiric Not vulnerable

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage