Bugzilla User Credentials Information Disclosure Vulnerability

Bugzilla User Credentials Information Disclosure Vulnerability

Bugzilla is prone to an information-disclosure vulnerability. This issue is due to a design error in the application.

An attacker can exploit this issue by tricking a victim user into following a malicious URI and then retrieving the victim user's login credentials.

To successfully exploit this issue, the attacker requires the name of the path where the login page resides and resolves to a computer on the local network of the victim user.