Lucene search
MitreCVELIST:CVE-2015-5059HistoryAug 01, 2017 - 2:00 p.m.
CVE-2015-5059
2017-08-0114:00:00
mitre
www.cve.org
6
The “Project Documentation” feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
References
lists.fedoraproject.org/pipermail/package-announce/2015-August/163191.html
www.openwall.com/lists/oss-security/2015/06/25/3
www.openwall.com/lists/oss-security/2015/06/25/4
www.securityfocus.com/bid/75414
bugzilla.redhat.com/show_bug.cgi?id=1237199
github.com/mantisbt/mantisbt/commit/a4be76d6e5c4939545d84712c79d3f8f4a108c4f
github.com/mantisbt/mantisbt/commit/f39cf5251953b468e9d921e1cf2aca3abdb00772
Related
openvas
openvas
Fedora Update for mantis FEDORA-2015-12011
2015-08-08 00:00:00
Fedora Update for mantis FEDORA-2015-12010
2015-08-08 00:00:00
nessus
nessus
Fedora 21 : mantis-1.2.19-3.fc21 (2015-12010)
2015-08-10 00:00:00
Fedora 22 : mantis-1.2.19-3.fc22 (2015-12011)
2015-08-10 00:00:00
nvd
nvd
CVE-2015-5059
2017-08-01 14:29:00
prion
prion
Design/Logic Flaw
2017-08-01 14:29:00
fedora
fedora
[SECURITY] Fedora 22 Update: mantis-1.2.19-3.fc22
2015-08-07 13:12:54
[SECURITY] Fedora 21 Update: mantis-1.2.19-3.fc21
2015-08-07 13:08:42
freebsd
freebsd
mantis -- information disclosure vulnerability
2015-06-23 00:00:00
cve
cve
CVE-2015-5059
2017-08-01 14:29:00
ubuntucve
ubuntucve
CVE-2015-5059
2017-08-01 00:00:00