FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- product name information leak

Affected packages
3.3.4 < bugzilla < 3.4.1

Details

VuXML ID d67b517d-8214-11de-88ea-001a4d49522b
Discovery 2009-07-30
Entry 2009-08-05

A Bugzilla Security Advisory reports:

Normally, users are only supposed to see products that they can file bugs against in the "Product" drop-down on the bug-editing page. Instead, users were being shown all products, even those that they normally could not see. Any user who could edit any bug could see all product names.

References

URL http://www.bugzilla.org/security/3.4/