Bugzilla versions before 3.0.11, 3.2.6, 3.4.5, and 3.5.3 allow for content browsing of various directories that may have sensitive information in them if customized. Bugzilla versions 3.3.1 to 3.4.4, 3.5.1, and 3.5.2 suffer from a bug moving vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85834/bugzilla-disclose.txt
Source: https://packetstormsecurity.com/files/85834/Bugzilla-Information-Disclosure.html