Vulnerability Database

289,782

Total vulnerabilities in the database

CVE-2010-0180

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field.

  • Published: Jun 28, 2010
  • Updated: Apr 13, 2023
  • CVE: CVE-2010-0180
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 1.9
  • AV:L/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
mozilla / bugzilla 3.7 3.7.x
mozilla / bugzilla 3.5.3 3.5.3.x
mozilla / bugzilla 3.6 3.6.x
mozilla / bugzilla 3.5.2 3.5.2.x
mozilla / bugzilla 3.5.1 3.5.1.x