Unrated severityNVD Advisory· Published Oct 5, 2005· Updated Jun 16, 2026
CVE-2005-3138
CVE-2005-3138
Description
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*
- Range: >=2.18rc1, <=2.18.3 || >=2.19, <=2.20rc2 || =2.21
Patches
Vulnerability mechanics
References
5- secunia.com/advisories/17030/nvdPatchVendor Advisory
- www.securityfocus.com/bid/14995nvdPatch
- www.bugzilla.org/security/2.18.4/nvdVendor Advisory
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/22490nvd
News mentions
0No linked articles in our index yet.