CVE-2011-2380

medium

Description

Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/69034

https://bugzilla.mozilla.org/show_bug.cgi?id=653477

http://www.securityfocus.com/bid/49042

http://www.osvdb.org/74299

http://www.osvdb.org/74298

http://www.debian.org/security/2011/dsa-2322

http://www.bugzilla.org/security/3.4.11/

http://secunia.com/advisories/45501

Details

Source: Mitre, NVD

Published: 2011-08-09

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00688