VULHUB ™

Bugzilla is a free, open source bug tracking and reporting appplication. It allows users to submit bugs, offers a forum for discussing bugs, keeps track of the status of bugs, and can restrict who has access to bug information. An input validation problem exists with Bugzilla. A user of Bugzilla 2.12 may submit an arbitrary bug ID number as an argument to 'showattachment.cgi', potentially disclosing information about "restricted" bugs. This may be a threat if Bugzilla is being used during the development of proprietary sourcecode.

Bugzilla is a free, open source bug tracking and reporting appplication. It allows users to submit bugs, offers a forum for discussing bugs, keeps track of the status of bugs, and can restrict who has access to bug information. An input validation problem exists with Bugzilla. A user of Bugzilla 2.12 may submit an arbitrary bug ID number as an argument to 'showattachment.cgi', potentially disclosing information about "restricted" bugs. This may be a threat if Bugzilla is being used during the development of proprietary sourcecode.