CVE-2012-5884

Published: Nov 16, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.

Affected (1)

Products: Mozilla: Bugzilla

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 4.3.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://bugzilla.mozilla.org/show_bug.cgi?id=697224

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=781850

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/80115

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=697224

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=781850

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/80115

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.