Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
2004-07-27T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | bugzilla | 2.4 | Yes |
| Application | mozilla | bugzilla | 2.6 | Yes |
| Application | mozilla | bugzilla | 2.8 | Yes |
| Application | mozilla | bugzilla | 2.10 | Yes |
| Application | mozilla | bugzilla | 2.12 | Yes |
| Application | mozilla | bugzilla | 2.14 | Yes |
| Application | mozilla | bugzilla | 2.14.1 | Yes |
| Application | mozilla | bugzilla | 2.14.2 | Yes |
| Application | mozilla | bugzilla | 2.14.3 | Yes |
| Application | mozilla | bugzilla | 2.14.4 | Yes |
| Application | mozilla | bugzilla | 2.14.5 | Yes |
| Application | mozilla | bugzilla | 2.16 | Yes |
| Application | mozilla | bugzilla | 2.16.1 | Yes |
| Application | mozilla | bugzilla | 2.16.2 | Yes |
| Application | mozilla | bugzilla | 2.16.3 | Yes |
| Application | mozilla | bugzilla | 2.16.4 | Yes |
| Application | mozilla | bugzilla | 2.16.5 | Yes |
| Application | mozilla | bugzilla | 2.17 | Yes |
| Application | mozilla | bugzilla | 2.17.1 | Yes |
| Application | mozilla | bugzilla | 2.17.3 | Yes |
| Application | mozilla | bugzilla | 2.17.4 | Yes |
| Application | mozilla | bugzilla | 2.17.5 | Yes |
| Application | mozilla | bugzilla | 2.17.6 | Yes |
| Application | mozilla | bugzilla | 2.17.7 | Yes |