CVE-2012-4197 Information

Description

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12 3.7.x and 4.0.x before 4.0.9 4.1.x and 4.2.x before 4.2.4 and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.

Reference

http://www.bugzilla.org/security/3.6.11/ http://www.mandriva.com/security/advisories?name=MDVSA-2013:066 https://bugzilla.mozilla.org/show_bug.cgi?id=802204 https://exchange.xforce.ibmcloud.com/vulnerabilities/80032