CVE-2014-1571 Information
Description
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
Reference
http://advisories.mageia.org/MGASA-2014-0412.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html
http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html
http://www.bugzilla.org/security/4.0.14/
http://www.mandriva.com/security/advisories?name=MDVSA-2014:200
http://www.securitytracker.com/id/1030978
https://bugzilla.mozilla.org/show_bug.cgi?id=1064140