NuytsTech Security

CVE-2010-2756

by ·

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Date published : 2010-08-13

http://www.securityfocus.com/bid/42275

http://www.bugzilla.org/security/3.2.7/

Tags: