PT-2008-5900 · Mantis · Mantis
Christian Hoffmann
·
Published
2008-10-22
·
Updated
2009-02-10
·
CVE-2008-4688
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mantis versions prior to 1.1.3
Description
The issue concerns a lack of privilege checking in the composition of links with issue data. This allows remote attackers to discover sensitive information, such as an issue's title and status, by modifying the issue number in a request.
Recommendations
For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mantis