Install/Filesystem.pm in Bugzilla 3.5.1 up to and including 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 3.6 |
||
mozilla bugzilla 3.5.2 |
||
mozilla bugzilla 3.5.1 |
||
mozilla bugzilla 3.5.3 |
||
mozilla bugzilla 3.7 |