Lucene search
HistoryJan 04, 2015 - 9:59 p.m.
CVE-2014-9506
cve-2014-9506
mantisbt
email permissions
vulnerability
nvd
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
4.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.3%
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
Affected configurations
Node
mantisbtmantisbtRange≤1.2.17
| CPE | Name | Operator | Version |
|---|---|---|---|
| mantisbt:mantisbt | mantisbt | le | 1.2.17 |
Related
nvd
nvd
CVE-2014-9506
2015-01-04 21:59:03
cvelist
cvelist
CVE-2014-9506
2015-01-04 21:00:00
prion
prion
Design/Logic Flaw
2015-01-04 21:59:00
openvas
openvas
MantisBT <= 1.2.17 Multiple Vulnerabilities
2014-11-25 00:00:00
Debian Security Advisory DSA 3120-1 (mantis - security update)
2015-01-06 00:00:00
Debian: Security Advisory (DSA-3120-1)
2015-01-05 00:00:00
nessus
nessus
Debian DSA-3120-1 : mantis - security update
2015-01-08 00:00:00
osv
osv
mantis - security update
2015-01-06 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
4.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.3%
Related for CVE-2014-9506