CVE-2012-1969

CVE Database · CVE-2012-1969

CVE-2012-1969

· N/AModified

CVSS v3.1

N/A

EPSS

1.55%

Published

Jul 30, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.

Weaknesses (CWE)

CWE-264

Affected Products (173)

mozilla · bugzillavulnerable

References (8)

http://secunia.com/advisories/50040

http://www.bugzilla.org/security/3.6.9/

http://www.mandriva.com/security/advisories?name=MDVSA-2013:066

https://bugzilla.mozilla.org/show_bug.cgi?id=777586

http://secunia.com/advisories/50040

http://www.bugzilla.org/security/3.6.9/

http://www.mandriva.com/security/advisories?name=MDVSA-2013:066

https://bugzilla.mozilla.org/show_bug.cgi?id=777586

KEV Catalog EPSS Scores Vendors All CVEs

mozilla · bugzillavulnerable