Bugzilla 3.7.x < 3.7.2 Information Disclosure Vulnerability
Medium Nessus Network Monitor Plugin ID 5594
Synopsis
The remote web server is hosting an application that is affected by an information disclosure vulnerability.
Description
The remote web server is hosting Bugzilla, a web-based bug tracking application.
Versions of Bugzilla 3.7.x earlier than 3.7.2 fail to restrict bugs created through the inbound email interface (email_in.pl) or through the 'Bug.create' method of the WebServices interface to the 'Mandatory' or 'Default' groups. This could allow bug information to become publicly available instead of being restricted to certain groups.
Solution
Upgrade to Bugzilla 3.7.2 or later.