PT-2002-2114 · Mantis · Mantis

Published

2002-10-04

Updated

2017-10-10

CVE-2002-1111

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Mantis versions 0.17.3 and earlier

Description: The issue concerns the print all bug page.php file, which fails to verify the limit reporters option. This allows remote attackers to view bug summaries for bugs that would otherwise be restricted.

Recommendations: For Mantis versions 0.17.3 and earlier, consider disabling access to the print all bug page.php file until a fix is available. Restrict access to bug summaries to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2002-1111

DSA-153

Affected Products

Mantis

PT-2002-2114 · Mantis · Mantis

CVE-2002-1111

Weakness Enumeration

Related Identifiers

Affected Products

References · 6