Unrated severityNVD Advisory· Published Aug 9, 2011· Updated Jun 16, 2026
CVE-2011-2979
CVE-2011-2979
Description
Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*
- Range: >=4.1, <4.1.3
Patches
Vulnerability mechanics
References
8- bugzilla.mozilla.org/show_bug.cginvdExploitPatch
- secunia.com/advisories/45501nvdVendor Advisory
- www.bugzilla.org/security/3.4.11/nvdVendor Advisory
- www.debian.org/security/2011/dsa-2322nvd
- www.osvdb.org/74298nvd
- www.osvdb.org/74299nvd
- www.securityfocus.com/bid/49042nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/69166nvd
News mentions
0No linked articles in our index yet.