CVE-2018-5123

HIGH

8.8

CVSS Severity Score

EPSS Score0.1080%

EPSS Percentile41.38th

PublishedApr 29, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.

Affected Platforms (CPE)

📦

Mozilla

Bugzilla

< 4.4

References & Advisories

🔗 https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-5123

Related Vulnerabilities

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...