Bugzilla showattachment.cgi Arbitrary Bug Viewing Vulnerability

Bugzilla is a free, open source bug tracking and reporting application. It allows users to submit bugs, offers a forum for discussing bugs, keeps track of the status of bugs, and can restrict who has access to bug information.

An input validation problem exists with Bugzilla. A user of Bugzilla 2.12 may submit an arbitrary bug ID number as an argument to 'showattachment.cgi', potentially disclosing information about "restricted" bugs.

This may be a threat if Bugzilla is being used during the development of proprietary source code.
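The class of flaw described above, shown as an added example that is not Bugzilla's code: a handler that validates only the form of the supplied ID, next to one that also checks the requester against the restrictions on the parent bug. The data model, group rule and all function names are assumptions made for illustration.

```python
# Constructed sample data: a simplified model, not Bugzilla's schema or code.
BUGS = {
    101: {"groups": set()},          # public bug
    102: {"groups": {"security"}},   # restricted bug
}
ATTACHMENTS = {
    1: {"bug_id": 101, "data": b"public trace"},
    2: {"bug_id": 102, "data": b"proprietary diff"},
}
USERS = {"alice": {"security"}, "mallory": set()}


class Forbidden(Exception):
    """Raised when the requester may not see the requested record."""


def parse_id(raw):
    """Accept only a plain decimal ID, as a CGI parameter would arrive."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("id must be a decimal number")
    return int(raw)


def show_attachment_unchecked(raw_id):
    """Flawed pattern: the ID is well formed, so the record is returned."""
    return ATTACHMENTS[parse_id(raw_id)]["data"]


def can_see_bug(user, bug_id):
    """Assumed rule: a bug with no groups is public; otherwise the user
    must hold every group the bug is restricted to."""
    return BUGS[bug_id]["groups"] <= USERS.get(user, set())


def show_attachment_checked(user, raw_id):
    """Hardened pattern: authorize against the parent bug before returning data."""
    att = ATTACHMENTS.get(parse_id(raw_id))
    # Same error for "missing" and "not allowed", so responses do not
    # reveal which IDs belong to restricted bugs.
    if att is None or not can_see_bug(user, att["bug_id"]):
        raise Forbidden("attachment not found or access denied")
    return att["data"]
```

Syntactic validation of the ID is not sufficient on its own: the authorization decision has to be made per request, against the record the ID resolves to.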


 

Copyright 2010, SecurityFocus