Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2024-08-08T03:03:49.280Z

Reserved: 2002-07-29T00:00:00

Link: CVE-2002-0810

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2008-09-05T20:29:00.660

Link: CVE-2002-0810

cve-icon Redhat

Severity :

Publid Date: 2001-07-25T00:00:00Z

Links: CVE-2002-0810 - Bugzilla