Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD2DC8927B-54E0-11EB-9342-1C697A013F4B
HistoryNov 10, 2020 - 12:00 a.m.

mantis -- multiple vulnerabilities

2020-11-1000:00:00
vuxml.freebsd.org
10
mantis
cve-2020-29603
disclosure
private project
xss
idor
sql injection
security release
maintenance
2.24.4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.1%

JSON

Mantis 2.24.4 release reports:

Security and maintenance release, addressing 6 CVEs:

0027726: CVE-2020-29603: disclosure of private project name
0027727: CVE-2020-29605: disclosure of private issue summary
0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments
0027361: Private category can be access/used by a non member of a private project (IDOR)
0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls
0026794: User Account - Takeover
0027363: Fixed in version can be changed to a version that doesn’t exist
0027350: When updating an issue, a Viewer user can be set as Reporter
0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
0027495: CVE-2020-28413: SQL injection in the parameter “access” on the mc_project_get_users function throught the API SOAP.
0027444: Printing unsanitized user input in install.php

Related

openvas 2
nessus 1
prion 6
cvelist 6
cve 6
osv 6
nvd 6
ubuntucve 1
checkpoint_advisories 1
packetstorm 1
exploitdb 1
openvas
openvas
MantisBT < 2.24.4 Multiple Vulnerabilities - Linux
2021-01-15 00:00:00
MantisBT < 2.24.4 Multiple Vulnerabilities - Windows
2021-01-15 00:00:00
nessus
nessus
FreeBSD : mantis -- multiple vulnerabilities (2dc8927b-54e0-11eb-9342-1c697a013f4b)
2021-03-11 00:00:00
prion
prion
Code injection
2021-02-22 03:15:00
Design/Logic Flaw
2021-01-29 07:15:00
Sql injection
2020-12-30 22:15:00
cvelist
cvelist
CVE-2020-29603
2021-01-29 06:41:36
CVE-2020-35571
2021-02-22 02:23:53
CVE-2020-28413
2020-12-30 21:28:21
cve
cve
CVE-2020-35571
2021-02-22 03:15:14
CVE-2020-28413
2020-12-30 22:15:12
CVE-2020-29605
2021-01-29 07:15:17
osv
osv
CVE-2020-29605
2021-01-29 07:15:17
CVE-2020-35571
2021-02-22 03:15:14
CVE-2020-28413
2020-12-30 22:15:12
nvd
nvd
CVE-2020-28413
2020-12-30 22:15:12
CVE-2020-29604
2021-01-29 07:15:17
CVE-2020-35571
2021-02-22 03:15:14
ubuntucve
ubuntucve
CVE-2020-28413
2020-12-30 00:00:00
checkpoint_advisories
checkpoint_advisories
MantisBT SQL Injection (CVE-2020-28413)
2021-01-13 00:00:00
packetstorm
packetstorm
Mantis Bug Tracker 2.24.3 SQL Injection
2021-01-04 00:00:00
exploitdb
exploitdb
Mantis Bug Tracker 2.24.3 - &#039;access&#039; SQL Injection
2021-01-04 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.1%

JSON
Related for 2DC8927B-54E0-11EB-9342-1C697A013F4B
openvas2nessus1prion6cvelist6cve6osv6nvd6ubuntucve1checkpoint_advisories1packetstorm1exploitdb1