Bugzilla User-Matching Information Disclosure Vulnerability

Bugzilla User-Matching Information Disclosure Vulnerability

Bugzilla is prone to an information disclosure vulnerability when user-matching is turned on. This could allow an attacker to enumerate usernames on the system.

Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.