CVE-2008-7292

EUVD-2008-7245
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
mozillabugzilla
2.20
mozillabugzilla
2.20.1
mozillabugzilla
2.20.2
mozillabugzilla
2.20.3
mozillabugzilla
2.20.4
mozillabugzilla
2.22
mozillabugzilla
2.22.1
mozillabugzilla
2.22.2
mozillabugzilla
3.0
mozillabugzilla
3.0.0
mozillabugzilla
3.0.1
mozillabugzilla
3.0.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
hardy
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=414002
https://bugzilla.mozilla.org/show_bug.cgi?id=660502
https://bugzilla.mozilla.org/show_bug.cgi?id=414002
https://bugzilla.mozilla.org/show_bug.cgi?id=660502