Bugzilla '--attach_path' Directory Traversal Vulnerability

Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.

The following versions are affected:

Bugzilla 2.22.1 through 2.22.4
Bugzilla 2.23.3 and later


Privacy Statement
Copyright 2010, SecurityFocus