Bugzilla Directory Access Information Disclosure
Medium Nessus Plugin ID 44426
SynopsisA CGI hosted on the remote web server is affected by an information disclosure vulnerability.
DescriptionThe version of Bugzilla hosted on the remote web server allows an unauthenticated, remote attacker to list the contents of directories such as '/contrib/', which could contain sensitive information.
SolutionUpgrade to Bugzilla version 3.5.3 / 3.4.5 / 3.2.6 / 3.0.11 or later and make sure permissions are set accordingly.