Vulnerabilities > CVE-2005-3139 - Information Disclosure vulnerability in Bugzilla User-Matching
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |