CVE-2008-7292

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20.4:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:mozilla:bugzilla:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:58

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=414002 - Exploit, Patch () https://bugzilla.mozilla.org/show_bug.cgi?id=414002 - Exploit, Patch
References () https://bugzilla.mozilla.org/show_bug.cgi?id=660502 - Patch () https://bugzilla.mozilla.org/show_bug.cgi?id=660502 - Patch

Information

Published : 2011-08-09 19:55

Updated : 2024-11-21 00:58


NVD link : CVE-2008-7292

Mitre link : CVE-2008-7292

CVE.ORG link : CVE-2008-7292


JSON object : View

Products Affected

microsoft

  • windows

mozilla

  • bugzilla
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor