5

CVE-2006-6574

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MantisMantis Version <= 1.1.0a1
MantisMantis Version1.0.0
MantisMantis Version1.0.0_rc1
MantisMantis Version1.0.0_rc2
MantisMantis Version1.0.0_rc3
MantisMantis Version1.0.0_rc4
MantisMantis Version1.0.0_rc5
MantisMantis Version1.0.0a1
MantisMantis Version1.0.0a2
MantisMantis Version1.0.0a3
MantisMantis Version1.0.1
MantisMantis Version1.0.2
MantisMantis Version1.0.3
MantisMantis Version1.0.4
MantisMantis Version1.0.5
MantisMantis Version1.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.764
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://sourceforge.net/project/shownotes.php?release_id=469627
Patch
http://www.mantisbugtracker.com/changelog.php
http://bugs.mantisbugtracker.com/view.php?id=3375
http://bugs.mantisbugtracker.com/view.php?id=7364
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log
http://secunia.com/advisories/23258
Vendor Advisory
http://secunia.com/advisories/28551
http://www.debian.org/security/2008/dsa-1467
http://www.securityfocus.com/bid/21566
http://www.vupen.com/english/advisories/2006/4978
https://exchange.xforce.ibmcloud.com/vulnerabilities/30870