template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-11-16T11:00:00

Updated: 2024-08-06T20:28:07.557Z

Reserved: 2012-08-08T00:00:00

Link: CVE-2012-4199

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-11-16T12:24:24.213

Modified: 2017-08-29T01:32:12.727

Link: CVE-2012-4199

cve-icon Redhat

No data.