icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Bugzilla 3.3.x / 3.4.x < 3.4.1 Information Disclosure

Medium

Synopsis

The remote host is running a version of Bugzilla affected by an information disclosure flaw.

Description

The remote web server is hosting Bugzilla, a web-based bug tracking application. The version of Bugzilla on the remote host contains a flaw which allows authenticated users who can edit bugs to view names of all products through the 'show_bug.cgi' script.

Solution

Upgrade to Bugzilla 3.4.1 or later.