1
Candidate: CVE-2012-4198
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4198
5
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
6
http://www.bugzilla.org/security/3.6.11/
8
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and
9
4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x
10
before 4.4rc1 has a different outcome for a groups request depending on
11
whether a group exists, which allows remote authenticated users to discover
12
private group names by observing whether a call throws an error.
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669643
23
upstream_bugzilla: needs-triage
24
hardy_bugzilla: ignored (reached end-of-life)
25
lucid_bugzilla: not-affected
26
oneiric_bugzilla: not-affected