CVE-2008-7292 — LOW (2.1) — White Hats Nepal

Vulnerability Description

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Bugzilla	2.20
Microsoft	Windows	All versions

Related Weaknesses (CWE)

CWE-200

References

https://bugzilla.mozilla.org/show_bug.cgi?id=414002ExploitPatch
https://bugzilla.mozilla.org/show_bug.cgi?id=660502Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=414002ExploitPatch
https://bugzilla.mozilla.org/show_bug.cgi?id=660502Patch

FAQ

What is CVE-2008-7292?

CVE-2008-7292 is a vulnerability with a CVSS score of 2.1 (LOW). Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sens...

How severe is CVE-2008-7292?

CVE-2008-7292 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-7292?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla, Microsoft Windows.