Bugzilla User-Matching Information Disclosure Vulnerability

Bugzilla is prone to an information disclosure vulnerability when user-matching is turned on. This could allow an attacker to enumerate usernames on the system.

Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.


 

Privacy Statement
Copyright 2010, SecurityFocus