Bugzilla 2.10 allows remote attackers to access sensitive...
High severity
Unreviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Jun 27, 2001
Published to the GitHub Advisory Database
Apr 30, 2022
Last updated
Jan 30, 2023
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
References