CVE-2008-7292

Published: Aug 9, 2011Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.

Affected (12)

Products: Mozilla: Bugzilla

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.20.1
Mozilla Bugzilla	Version 2.20.2
Mozilla Bugzilla	Version 2.20.3
Mozilla Bugzilla	Version 2.20.4
Mozilla Bugzilla	Version 2.20

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 2.22.1
Mozilla Bugzilla	Version 2.22.2
Mozilla Bugzilla	Version 2.22

Configuration C

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 3.0.0
Mozilla Bugzilla	Version 3.0.1
Mozilla Bugzilla	Version 3.0.2
Mozilla Bugzilla	Version 3.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=414002

Source: cve@mitre.org

ExploitPatch

https://bugzilla.mozilla.org/show_bug.cgi?id=660502

Source: cve@mitre.org

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=414002

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://bugzilla.mozilla.org/show_bug.cgi?id=660502

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.