CVE-2014-1571 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-1571 PUBLISHED CVSS 4 MEDIUM

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

EPSS 0.50% · 65.9th percentile

Risk Scores

CVSS v2.0

4

EPSS Score

0.50%

65.9th percentile

Affected Products

Vendor	Product	Versions
mozilla	bugzilla	3.6.12, 2.0, 2.2
n/a	n/a	n/a
fedoraproject	fedora	21, 19, 20

Timeline

Oct 13, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1064140 url
MDVSA-2014:200 vendor-advisory
http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html url
FEDORA-2014-12591 vendor-advisory
http://advisories.mageia.org/MGASA-2014-0412.html url
http://www.bugzilla.org/security/4.0.14/ url
FEDORA-2014-12584 vendor-advisory
FEDORA-2014-12530 vendor-advisory
1030978 vdb
https://nvd.nist.gov/vuln/detail/CVE-2014-1571 advisory
http://www.bugzilla.org/security/4.0.14 url

Open in Interactive Console →