Lucene search

[email protected]CVE-2012-1121

HistoryJun 29, 2012 - 7:55 p.m.

CVE-2012-1121

2012-06-2919:55:03

CWE-264

[email protected]

web.nvd.nist.gov

mantisbt

cve-2012-1121

security

vulnerability

authentication

remote users

global categories

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.

Affected configurations

NVD

Node

mantisbtmantisbtRange≤1.2.8

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.0.9

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.0a1

mantisbtmantisbtMatch1.1.0a2

mantisbtmantisbtMatch1.1.0a3

mantisbtmantisbtMatch1.1.0a4

mantisbtmantisbtMatch1.1.0rc1

mantisbtmantisbtMatch1.1.0rc2

mantisbtmantisbtMatch1.1.0rc3

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.3

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.1.9

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.0alpha1

mantisbtmantisbtMatch1.2.0alpha2

mantisbtmantisbtMatch1.2.0alpha3

mantisbtmantisbtMatch1.2.0rc1

mantisbtmantisbtMatch1.2.0rc2

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

mantisbtmantisbtMatch1.2.3

mantisbtmantisbtMatch1.2.4

mantisbtmantisbtMatch1.2.5

mantisbtmantisbtMatch1.2.6

mantisbtmantisbtMatch1.2.7

CPENameOperatorVersion
mantisbt:mantisbtmantisbtle1.2.8
mantisbt:mantisbtmantisbteq0.18.0
mantisbt:mantisbtmantisbteq0.19.0
mantisbt:mantisbtmantisbteq0.19.1
mantisbt:mantisbtmantisbteq0.19.2
mantisbt:mantisbtmantisbteq0.19.3
mantisbt:mantisbtmantisbteq0.19.4
mantisbt:mantisbtmantisbteq0.19.5
mantisbt:mantisbtmantisbteq1.0.0
mantisbt:mantisbtmantisbteq1.0.1

CPE	Name	Operator	Version
mantisbt:mantisbt	mantisbt	le	1.2.8
mantisbt:mantisbt	mantisbt	eq	0.18.0
mantisbt:mantisbt	mantisbt	eq	0.19.0
mantisbt:mantisbt	mantisbt	eq	0.19.1
mantisbt:mantisbt	mantisbt	eq	0.19.2
mantisbt:mantisbt	mantisbt	eq	0.19.3
mantisbt:mantisbt	mantisbt	eq	0.19.4
mantisbt:mantisbt	mantisbt	eq	0.19.5
mantisbt:mantisbt	mantisbt	eq	1.0.0
mantisbt:mantisbt	mantisbt	eq	1.0.1