CVE-2010-2756
First published: Wed Aug 11 2010(Updated: )
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =3.0.4 | |
| Mozilla Bugzilla | =3.0-rc1 | |
| Mozilla Bugzilla | =3.1.3 | |
| Mozilla Bugzilla | =3.0.0 | |
| Mozilla Bugzilla | =2.22.7 | |
| Mozilla Bugzilla | =3.7.2 | |
| Mozilla Bugzilla | =3.4.3 | |
| Mozilla Bugzilla | =3.3.2 | |
| Mozilla Bugzilla | =3.0.1 | |
| Mozilla Bugzilla | =2.19.3 | |
| Mozilla Bugzilla | =2.20-rc2 | |
| Mozilla Bugzilla | =2.20-rc1 | |
| Mozilla Bugzilla | =2.20 | |
| Mozilla Bugzilla | =3.6.1 | |
| Mozilla Bugzilla | =3.2.6 | |
| Mozilla Bugzilla | =3.1.1 | |
| Mozilla Bugzilla | =3.7.1 | |
| Mozilla Bugzilla | =3.7 | |
| Mozilla Bugzilla | =3.4.2 | |
| Mozilla Bugzilla | =3.1.2 | |
| Mozilla Bugzilla | =3.5.3 | |
| Mozilla Bugzilla | =3.2.5 | |
| Mozilla Bugzilla | =3.3.4 | |
| Mozilla Bugzilla | =2.20.5 | |
| Mozilla Bugzilla | =2.20.6 | |
| Mozilla Bugzilla | =2.22.3 | |
| Mozilla Bugzilla | =3.6 | |
| Mozilla Bugzilla | =2.22.6 | |
| Mozilla Bugzilla | =2.23.2 | |
| Mozilla Bugzilla | =2.21.2 | |
| Mozilla Bugzilla | =3.2.3 | |
| Mozilla Bugzilla | =2.22.1 | |
| Mozilla Bugzilla | =2.23.4 | |
| Mozilla Bugzilla | =3.5.2 | |
| Mozilla Bugzilla | =3.0 | |
| Mozilla Bugzilla | =3.5.1 | |
| Mozilla Bugzilla | =3.0.11 | |
| Mozilla Bugzilla | =3.0.6 | |
| Mozilla Bugzilla | =2.20.1 | |
| Mozilla Bugzilla | =2.23.3 | |
| Mozilla Bugzilla | =3.0.7 | |
| Mozilla Bugzilla | =2.23.1 | |
| Mozilla Bugzilla | =2.22-rc1 | |
| Mozilla Bugzilla | =2.22.5 | |
| Mozilla Bugzilla | =3.4.1 | |
| Mozilla Bugzilla | =3.4.4 | |
| Mozilla Bugzilla | =2.19.1 | |
| Mozilla Bugzilla | =2.6 | |
| Mozilla Bugzilla | =3.4.7 | |
| Mozilla Bugzilla | =2.22 | |
| Mozilla Bugzilla | =3.1.0 | |
| Mozilla Bugzilla | =2.4 | |
| Mozilla Bugzilla | =3.0.3 | |
| Mozilla Bugzilla | =3.2 | |
| Mozilla Bugzilla | =2.20.3 | |
| Mozilla Bugzilla | =3.0.9 | |
| Mozilla Bugzilla | =2.8 | |
| Mozilla Bugzilla | =3.2.4 | |
| Mozilla Bugzilla | =2.2 | |
| Mozilla Bugzilla | =3.0.2 | |
| Mozilla Bugzilla | =3.3.3 | |
| Mozilla Bugzilla | =3.2.2 | |
| Mozilla Bugzilla | =3.0.10 | |
| Mozilla Bugzilla | =2.20.7 | |
| Mozilla Bugzilla | =3.0.8 | |
| Mozilla Bugzilla | =2.20.2 | |
| Mozilla Bugzilla | =2.20.4 | |
| Mozilla Bugzilla | =2.21.1 | |
| Mozilla Bugzilla | =2.23 | |
| Mozilla Bugzilla | =3.2.7 | |
| Mozilla Bugzilla | =2.9 | |
| Mozilla Bugzilla | =3.4.5 | |
| Mozilla Bugzilla | =3.0.5 | |
| Mozilla Bugzilla | =2.22.4 | |
| Mozilla Bugzilla | =2.21 | |
| Mozilla Bugzilla | =3.3.1 | |
| Mozilla Bugzilla | =3.4.6 | |
| Mozilla Bugzilla | =2.19.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.bugzilla.org/security/3.2.7/
- https://bugzilla.redhat.com/show_bug.cgi?id=623423
- http://secunia.com/advisories/40892
- http://www.vupen.com/english/advisories/2010/2035
- https://bugzilla.mozilla.org/show_bug.cgi?id=417048
- http://www.securityfocus.com/bid/42275
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
- http://www.vupen.com/english/advisories/2010/2205
- http://secunia.com/advisories/41128
- https://access.redhat.com/security/cve/CVE-2010-2756
- https://bugzilla.mozilla.org/show_bug.cgi?id=450013
- https://access.redhat.com/security/cve/CVE-2010-2757
- https://bugzilla.mozilla.org/show_bug.cgi?id=577139
- https://bugzilla.mozilla.org/show_bug.cgi?id=519835
- https://access.redhat.com/security/cve/CVE-2010-2758
- https://bugzilla.mozilla.org/show_bug.cgi?id=583690
- https://access.redhat.com/security/cve/CVE-2010-2759
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=623426
Frequently Asked Questions
What is the severity of CVE-2010-2756?
CVE-2010-2756 has a moderate severity rating as it allows unauthorized users to exploit group membership visibility.
How do I fix CVE-2010-2756?
To fix CVE-2010-2756, upgrade to a patched version of Bugzilla that addresses this vulnerability.
Which versions of Bugzilla are affected by CVE-2010-2756?
CVE-2010-2756 affects Bugzilla versions 2.19.1 through 3.2.7 and various 3.x versions up to 3.7.2.
What impact does CVE-2010-2756 have on user privacy?
CVE-2010-2756 can lead to potential privacy breaches by allowing attackers to discover the group memberships of users.
Are there any known exploits for CVE-2010-2756?
While specific exploits for CVE-2010-2756 have not been publicly detailed, the vulnerability's nature allows for remote information disclosure.
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2010-2756
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/type
- agent/tags
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/3.0.4
- version/mozilla bugzilla/3.0-rc1
- version/mozilla bugzilla/3.1.3
- version/mozilla bugzilla/3.0.0
- version/mozilla bugzilla/2.22.7
- version/mozilla bugzilla/3.7.2
- version/mozilla bugzilla/3.4.3
- version/mozilla bugzilla/3.3.2
- version/mozilla bugzilla/3.0.1
- version/mozilla bugzilla/2.19.3
- version/mozilla bugzilla/2.20-rc2
- version/mozilla bugzilla/2.20-rc1
- version/mozilla bugzilla/2.20
- version/mozilla bugzilla/3.6.1
- version/mozilla bugzilla/3.2.6
- version/mozilla bugzilla/3.1.1
- version/mozilla bugzilla/3.7.1
- version/mozilla bugzilla/3.7
- version/mozilla bugzilla/3.4.2
- version/mozilla bugzilla/3.1.2
- version/mozilla bugzilla/3.5.3
- version/mozilla bugzilla/3.2.5
- version/mozilla bugzilla/3.3.4
- version/mozilla bugzilla/2.20.5
- version/mozilla bugzilla/2.20.6
- version/mozilla bugzilla/2.22.3
- version/mozilla bugzilla/3.6
- version/mozilla bugzilla/2.22.6
- version/mozilla bugzilla/2.23.2
- version/mozilla bugzilla/2.21.2
- version/mozilla bugzilla/3.2.3
- version/mozilla bugzilla/2.22.1
- version/mozilla bugzilla/2.23.4
- version/mozilla bugzilla/3.5.2
- version/mozilla bugzilla/3.0
- version/mozilla bugzilla/3.5.1
- version/mozilla bugzilla/3.0.11
- version/mozilla bugzilla/3.0.6
- version/mozilla bugzilla/2.20.1
- version/mozilla bugzilla/2.23.3
- version/mozilla bugzilla/3.0.7
- version/mozilla bugzilla/2.23.1
- version/mozilla bugzilla/2.22-rc1
- version/mozilla bugzilla/2.22.5
- version/mozilla bugzilla/3.4.1
- version/mozilla bugzilla/3.4.4
- version/mozilla bugzilla/2.19.1
- version/mozilla bugzilla/2.6
- version/mozilla bugzilla/3.4.7
- version/mozilla bugzilla/2.22
- version/mozilla bugzilla/3.1.0
- version/mozilla bugzilla/2.4
- version/mozilla bugzilla/3.0.3
- version/mozilla bugzilla/3.2
- version/mozilla bugzilla/2.20.3
- version/mozilla bugzilla/3.0.9
- version/mozilla bugzilla/2.8
- version/mozilla bugzilla/3.2.4
- version/mozilla bugzilla/2.2
- version/mozilla bugzilla/3.0.2
- version/mozilla bugzilla/3.3.3
- version/mozilla bugzilla/3.2.2
- version/mozilla bugzilla/3.0.10
- version/mozilla bugzilla/2.20.7
- version/mozilla bugzilla/3.0.8
- version/mozilla bugzilla/2.20.2
- version/mozilla bugzilla/2.20.4
- version/mozilla bugzilla/2.21.1
- version/mozilla bugzilla/2.23
- version/mozilla bugzilla/3.2.7
- version/mozilla bugzilla/2.9
- version/mozilla bugzilla/3.4.5
- version/mozilla bugzilla/3.0.5
- version/mozilla bugzilla/2.22.4
- version/mozilla bugzilla/2.21
- version/mozilla bugzilla/3.3.1
- version/mozilla bugzilla/3.4.6
- version/mozilla bugzilla/2.19.2