Release date:
Updated on: 2012-09-06
Affected Systems:
Bugzilla 4.x
Bugzilla 3.x
Bugzilla 2.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-4747
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, fixing, and closing defects.
Bugzilla stores sensitive information under the web root with insufficient access control, which allows remote attackers to read template (aka .tmpl) files, other custom extension files, or custom documentation files under docs.
<* Source: Frédéric Buclin (LpSolit@gmail.com)
Link: https://bugzilla.mozilla.org/show_bug.cgi?id=785522
*>
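An added example, not part of the original advisory or Bugzilla's own code: a local audit that lists files in the categories named above (.tmpl files and files under docs) that no `.htaccess` deny rule covers. It assumes Apache-style `.htaccess` files, recognises only `Deny from all` / `Require all denied` and `<FilesMatch>` scoping, and ignores server-level configuration. The directory holding custom extensions is not named on this page, so pass it through the hypothetical `sensitive_dirs` parameter; all function names and the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

DENY = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I)
FM_OPEN = re.compile(r'^\s*<FilesMatch\s+"?(.+?)"?\s*>\s*$', re.I)

def htaccess_denies(path, filename):
    """True if the .htaccess at `path` has a deny-all rule that applies to `filename`."""
    scope = None  # None: rule covers the whole directory; else a FilesMatch regex
    for line in Path(path).read_text(encoding="utf-8", errors="replace").splitlines():
        opened = FM_OPEN.match(line)
        if opened:
            scope = re.compile(opened.group(1))
        elif line.strip().lower() == "</filesmatch>":
            scope = None
        elif DENY.match(line) and (scope is None or scope.search(filename)):
            return True
    return False

def unprotected_files(webroot, sensitive_dirs=("docs",)):
    """Relative paths of .tmpl files and files under `sensitive_dirs` with no deny rule."""
    root, findings = Path(webroot), []
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = f.relative_to(root)
        top = rel.parts[0] if len(rel.parts) > 1 else ""
        if f.name == ".htaccess" or not (f.name.endswith(".tmpl") or top in sensitive_dirs):
            continue
        # .htaccess files apply from the web root down to the file's own directory
        chain = [root.joinpath(*rel.parts[:i], ".htaccess") for i in range(len(rel.parts))]
        if not any(h.is_file() and htaccess_denies(h, f.name) for h in chain):
            findings.append(rel.as_posix())
    return findings

def build_sample_tree():
    """Constructed sample web root for the demo (not a real Bugzilla layout)."""
    root = Path(tempfile.mkdtemp())
    layout = {
        "template/.htaccess": "Deny from all\n",
        "template/en/index.html.tmpl": "[% title %]\n",
        "custom/hook.html.tmpl": "[% note %]\n",
        "docs/.htaccess": '<FilesMatch "\\.pl$">\nRequire all denied\n</FilesMatch>\n',
        "docs/internal-notes.txt": "notes\n",
    }
    for rel, body in layout.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")
    return root

if __name__ == "__main__":
    print(unprotected_files(build_sample_tree()))
```

Files under docs are reported for review rather than as confirmed exposures, since some documentation is meant to be public.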
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Bugzilla
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.bugzilla.org/security/