CVE-2005-3139

medium

Description

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42799

http://www.securityfocus.com/bid/14996

http://www.bugzilla.org/security/2.18.4/

http://secunia.com/advisories/17030/

http://marc.info/?l=bugtraq&m=112818466125484&w=2

Details

Source: Mitre, NVD

Published: 2005-10-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00593