VDB

CVE-2013-0786

CVE-2013-0786 PUBLISHED CVSS 5 MEDIUM

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query.

EPSS 0.28% · 52.0th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
0.28%
52.0th percentile

Affected Products

VendorProductVersions
n/an/an/a
mozillabugzilla0, 3.6, 3.6.1

Timeline

  • Feb 24, 2013 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›