The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html | vendor-advisory x_refsource_FEDORA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/62969 | vdb-entry x_refsource_XF |
| http://www.vupen.com/english/advisories/2010/2878 | vdb-entry x_refsource_VUPEN |
| http://www.bugzilla.org/security/3.2.8/ | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html | vendor-advisory x_refsource_FEDORA |
| http://www.securitytracker.com/id?1024683 | vdb-entry x_refsource_SECTRACK |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html | vendor-advisory x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2010/2975 | vdb-entry x_refsource_VUPEN |
| http://secunia.com/advisories/42271 | third-party-advisory x_refsource_SECUNIA |
| https://bugzilla.mozilla.org/show_bug.cgi?id=419014 | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html | vendor-advisory x_refsource_FEDORA x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/62969 | vdb-entry x_refsource_XF x_transferred |
| http://www.vupen.com/english/advisories/2010/2878 | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.bugzilla.org/security/3.2.8/ | x_refsource_CONFIRM x_transferred |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html | vendor-advisory x_refsource_FEDORA x_transferred |
| http://www.securitytracker.com/id?1024683 | vdb-entry x_refsource_SECTRACK x_transferred |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html | vendor-advisory x_refsource_FEDORA x_transferred |
| http://www.vupen.com/english/advisories/2010/2975 | vdb-entry x_refsource_VUPEN x_transferred |
| http://secunia.com/advisories/42271 | third-party-advisory x_refsource_SECUNIA x_transferred |
| https://bugzilla.mozilla.org/show_bug.cgi?id=419014 | x_refsource_CONFIRM x_transferred |