CVE-2014-9759

Name of the Vulnerable Software and Affected Versions MantisBT versions 1.3.x before 1.3.0

Description The issue allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request due to an incomplete blacklist vulnerability in the config is private function in config api.php.

Recommendations For versions 1.3.x before 1.3.0, update to version 1.3.0 or later to resolve the issue.