CVE-2005-3139

Published: Oct 5, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

Affected (6)

Products: Mozilla: Bugzilla

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.19.1
Mozilla Bugzilla	Version 2.19.2
Mozilla Bugzilla	Version 2.19.3
Mozilla Bugzilla	Version 2.20 rc1
Mozilla Bugzilla	Version 2.20 rc2
Mozilla Bugzilla	Version 2.21

References (10)

http://marc.info/?l=bugtraq&m=112818466125484&w=2

Source: cve@mitre.org

http://secunia.com/advisories/17030/

Source: cve@mitre.org

PatchVendor Advisory

http://www.bugzilla.org/security/2.18.4/

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/14996

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/42799

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=112818466125484&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17030/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.bugzilla.org/security/2.18.4/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/14996

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/42799

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.