CVE-2002-0810

high

Description

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

References

http://www.securityfocus.com/bid/4964

http://www.redhat.com/support/errata/RHSA-2002-109.html

http://www.osvdb.org/6399

http://www.iss.net/security_center/static/9306.php

http://bugzilla.mozilla.org/show_bug.cgi?id=92263

http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

Details

Source: Mitre, NVD

Published: 2002-08-12

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00862

Detections

Analytics