print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
References
Link | Resource |
---|---|
http://www.debian.org/security/2002/dsa-153 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/5515 | Patch Vendor Advisory |
http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt | |
http://marc.info/?l=bugtraq&m=102978873620491&w=2 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/9898 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2002-10-03 21:00
Updated : 2017-10-09 18:30
NVD link : CVE-2002-1111
Mitre link : CVE-2002-1111
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
mantis
- mantis