Lucene search
HistoryAug 07, 2003 - 4:00 a.m.
CVE-2003-0499
mantis
database password
cleartext
security vulnerability
nvd
cve-2003-0499
6.5 Medium
AI Score
Confidence
Low
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
46.5%
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mantis:mantis | mantis | eq | 0.17.5 |
References
Related
cvelist
cvelist
CVE-2003-0499
2003-07-04 04:00:00
nessus
nessus
Debian DSA-335-1 : mantis - incorrect permissions
2004-09-29 00:00:00
osv
osv
mantis - incorrect permissions
2003-06-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 335-1 (mantis)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-335)
2008-01-17 00:00:00
6.5 Medium
AI Score
Confidence
Low
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
46.5%
Related for CVE-2003-0499