Lucene search

K
cve[email protected]CVE-2012-1122
HistoryJun 29, 2012 - 7:55 p.m.

CVE-2012-1122

2012-06-2919:55:03
CWE-264
web.nvd.nist.gov
36
cve-2012-1122
mantisbt
bug_actiongroup.php
bug report
access restrictions

5.9 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

78.6%

bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project.

Affected configurations

NVD
Node
mantisbtmantisbtRange1.2.8
OR
mantisbtmantisbtMatch0.18.0
OR
mantisbtmantisbtMatch0.19.0
OR
mantisbtmantisbtMatch0.19.0rc1
OR
mantisbtmantisbtMatch0.19.0a1
OR
mantisbtmantisbtMatch0.19.0a2
OR
mantisbtmantisbtMatch0.19.1
OR
mantisbtmantisbtMatch0.19.2
OR
mantisbtmantisbtMatch0.19.3
OR
mantisbtmantisbtMatch0.19.4
OR
mantisbtmantisbtMatch0.19.5
OR
mantisbtmantisbtMatch1.0.0
OR
mantisbtmantisbtMatch1.0.0rc1
OR
mantisbtmantisbtMatch1.0.0rc2
OR
mantisbtmantisbtMatch1.0.0rc3
OR
mantisbtmantisbtMatch1.0.0rc4
OR
mantisbtmantisbtMatch1.0.0rc5
OR
mantisbtmantisbtMatch1.0.0a1
OR
mantisbtmantisbtMatch1.0.0a2
OR
mantisbtmantisbtMatch1.0.0a3
OR
mantisbtmantisbtMatch1.0.1
OR
mantisbtmantisbtMatch1.0.2
OR
mantisbtmantisbtMatch1.0.3
OR
mantisbtmantisbtMatch1.0.4
OR
mantisbtmantisbtMatch1.0.5
OR
mantisbtmantisbtMatch1.0.6
OR
mantisbtmantisbtMatch1.0.7
OR
mantisbtmantisbtMatch1.0.8
OR
mantisbtmantisbtMatch1.1.0
OR
mantisbtmantisbtMatch1.1.1
OR
mantisbtmantisbtMatch1.1.2
OR
mantisbtmantisbtMatch1.1.4
OR
mantisbtmantisbtMatch1.1.5
OR
mantisbtmantisbtMatch1.1.6
OR
mantisbtmantisbtMatch1.1.7
OR
mantisbtmantisbtMatch1.1.8
OR
mantisbtmantisbtMatch1.2.0
OR
mantisbtmantisbtMatch1.2.0a1
OR
mantisbtmantisbtMatch1.2.0a2
OR
mantisbtmantisbtMatch1.2.1
OR
mantisbtmantisbtMatch1.2.2
OR
mantisbtmantisbtMatch1.2.3
OR
mantisbtmantisbtMatch1.2.4
OR
mantisbtmantisbtMatch1.2.5
OR
mantisbtmantisbtMatch1.2.6
OR
mantisbtmantisbtMatch1.2.7

5.9 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

78.6%