Lucene search

MitreCVE-2010-4625

HistoryDec 30, 2010 - 9:00 p.m.

CVE-2010-4625

2010-12-3021:00:02

CWE-200

mitre

web.nvd.nist.gov

mybb

mybulletinboard

cve-2010-4625

security vulnerability

information disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.

Affected configurations

Nvd

Node

mybbmybbRange≤1.4.11

mybbmybbMatch1.00

mybbmybbMatch1.01

mybbmybbMatch1.1.0

mybbmybbMatch1.1.1

mybbmybbMatch1.1.2

mybbmybbMatch1.1.3

mybbmybbMatch1.1.4

mybbmybbMatch1.1.5

mybbmybbMatch1.1.6

mybbmybbMatch1.1.7

mybbmybbMatch1.1.8

mybbmybbMatch1.02

mybbmybbMatch1.2

mybbmybbMatch1.2.0

mybbmybbMatch1.2.1

mybbmybbMatch1.2.2

mybbmybbMatch1.2.3

mybbmybbMatch1.2.4

mybbmybbMatch1.2.5

mybbmybbMatch1.2.6

mybbmybbMatch1.2.7

mybbmybbMatch1.2.8

mybbmybbMatch1.2.9

mybbmybbMatch1.2.10

mybbmybbMatch1.2.11

mybbmybbMatch1.2.12

mybbmybbMatch1.2.13

mybbmybbMatch1.03

mybbmybbMatch1.04

mybbmybbMatch1.4.0

mybbmybbMatch1.4.2

mybbmybbMatch1.4.3

mybbmybbMatch1.4.6

mybbmybbMatch1.4.8

mybbmybbMatch1.4.9

mybbmybbMatch1.4.10

VendorProductVersionCPE
mybbmybb*cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
mybbmybb1.00cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*
mybbmybb1.01cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*
mybbmybb1.1.0cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*
mybbmybb1.1.1cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*
mybbmybb1.1.2cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*
mybbmybb1.1.3cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*
mybbmybb1.1.4cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*
mybbmybb1.1.5cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*
mybbmybb1.1.6cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	mybb	*	cpe:2.3:a:mybb:mybb::::::::
mybb	mybb	1.00	cpe:2.3:a:mybb:mybb:1.00:::::::*
mybb	mybb	1.01	cpe:2.3:a:mybb:mybb:1.01:::::::*
mybb	mybb	1.1.0	cpe:2.3:a:mybb:mybb:1.1.0:::::::*
mybb	mybb	1.1.1	cpe:2.3:a:mybb:mybb:1.1.1:::::::*
mybb	mybb	1.1.2	cpe:2.3:a:mybb:mybb:1.1.2:::::::*
mybb	mybb	1.1.3	cpe:2.3:a:mybb:mybb:1.1.3:::::::*
mybb	mybb	1.1.4	cpe:2.3:a:mybb:mybb:1.1.4:::::::*
mybb	mybb	1.1.5	cpe:2.3:a:mybb:mybb:1.1.5:::::::*
mybb	mybb	1.1.6	cpe:2.3:a:mybb:mybb:1.1.6:::::::*

Rows per page:

1-10 of 371

References

blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

community.mybb.com/thread-66255.html

dev.mybboard.net/issues/809

openwall.com/lists/oss-security/2010/10/08/7

openwall.com/lists/oss-security/2010/10/11/8

openwall.com/lists/oss-security/2010/12/06/2

exchange.xforce.ibmcloud.com/vulnerabilities/64517

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

Related for CVE-2010-4625