Lucene search

K

RedhatCVELIST:CVE-2012-2692

HistoryJun 17, 2012 - 1:00 a.m.

CVE-2012-2692

2012-06-1701:00:00

redhat

www.cve.org

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.

References

lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html

secunia.com/advisories/51199

security.gentoo.org/glsa/glsa-201211-01.xml

www.mantisbt.org/bugs/changelog_page.php?version_id=148

www.mantisbt.org/bugs/view.php?id=14016

www.openwall.com/lists/oss-security/2012/06/09/1

www.openwall.com/lists/oss-security/2012/06/11/6

www.securityfocus.com/bid/53921

github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

Related for CVELIST:CVE-2012-2692

ubuntucve1 prion1 nvd1 cve1 freebsd1 openvas14 nessus6 debian1 osv1 fedora5 gentoo1