4

CVE-2014-8988

MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MantisbtMantisbt Version1.2.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.95% 0.776
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/62101
http://www.debian.org/security/2015/dsa-3120
http://seclists.org/oss-sec/2014/q4/693
http://www.mantisbt.org/bugs/view.php?id=17742
http://www.openwall.com/lists/oss-security/2014/11/15/6
http://www.securityfocus.com/bid/71104
https://exchange.xforce.ibmcloud.com/vulnerabilities/98731
https://github.com/mantisbt/mantisbt/commit/5f0b150b
Vendor Advisory