CVE-2014-1571

CVE Database · CVE-2014-1571

CVE-2014-1571

· N/AModified

CVSS v3.1

N/A

EPSS

1.35%

Published

Oct 12, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

Weaknesses (CWE)

CWE-200

Affected Products (207)

mozilla · bugzillavulnerable

References (18)

http://advisories.mageia.org/MGASA-2014-0412.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html

http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html

http://www.bugzilla.org/security/4.0.14/

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2014:200

http://www.securitytracker.com/id/1030978

https://bugzilla.mozilla.org/show_bug.cgi?id=1064140

Patch

KEV Catalog EPSS Scores Vendors All CVEs

mozilla · bugzillavulnerable