CVE-2002-1111

2004-09-0104:00:00

CWE-264

[email protected]

web.nvd.nist.gov

mantis

0.17.3

print_all_bug_page.php

cve-2002-1111

nvd

bug restrictions

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.

Affected configurations

NVD

Node

mantismantisMatch0.16.0

mantismantisMatch0.16.1

mantismantisMatch0.17.0

mantismantisMatch0.17.1

mantismantisMatch0.17.2

mantismantisMatch0.17.3

CPENameOperatorVersion
mantis:mantismantiseq0.16.0
mantis:mantismantiseq0.16.1
mantis:mantismantiseq0.17.0
mantis:mantismantiseq0.17.1
mantis:mantismantiseq0.17.2
mantis:mantismantiseq0.17.3

CPE	Name	Operator	Version
mantis:mantis	mantis	eq	0.16.0
mantis:mantis	mantis	eq	0.16.1
mantis:mantis	mantis	eq	0.17.0
mantis:mantis	mantis	eq	0.17.1
mantis:mantis	mantis	eq	0.17.2
mantis:mantis	mantis	eq	0.17.3