Bug ID: 577139 CVE ID: CVE-2010-2758 Title: [SECURITY] request.cgi and duplicates.cgi let you know whether a product exists or not Product: Bugzilla Component: Attachments & Requests Version: 2.17.1 Type: defect Priority: Not set Severity: minor Status: CLOSED Resolution: FIXED Assignee: LpSolit Reporter: LpSolit Milestone: Bugzilla 3.2 CVE Alias: CVE-2010-2758 Key Details: Description: - and scripts in Bugzilla were incorrectly returning whether a product exists or not. - Passing a non-existent product name to the method would throw an error, indicating to the user that the product name is not valid. - This issue affects Bugzilla versions >= 2.17.1. Fixes and Patches: - Patch for versions 3.2 and 3.4 was attached as attachment #456194. - Patch for version 3.6 was attached as attachment #456259. - Code changes were committed to multiple versions including 3.2, 3.4, and 3.6. Resolution and Related Information: - The bug was fixed as part of Bugzilla 4.0 and 4.2 releases. - The issue in was also addressed. - Both and were affected since Bugzilla 2.17.1.