CVE-2008-7292

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
mozillabugzilla
2.20
mozillabugzilla
2.20.1
mozillabugzilla
2.20.2
mozillabugzilla
2.20.3
mozillabugzilla
2.20.4
mozillabugzilla
2.22
mozillabugzilla
2.22.1
mozillabugzilla
2.22.2
mozillabugzilla
3.0
mozillabugzilla
3.0.0
mozillabugzilla
3.0.1
mozillabugzilla
3.0.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=414002
https://bugzilla.mozilla.org/show_bug.cgi?id=660502
https://bugzilla.mozilla.org/show_bug.cgi?id=414002
https://bugzilla.mozilla.org/show_bug.cgi?id=660502