CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS

Metric | Value |
---|---|
Percentile | 71.1% |

Mantis 2.24.4 release reports:
Security and maintenance release, addressing 6 CVEs:
0027726: CVE-2020-29603: disclosure of private project name
0027727: CVE-2020-29605: disclosure of private issue summary
0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments
0027361: Private category can be accessed/used by a non member of a private project (IDOR)
0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls
0026794: User Account - Takeover
0027363: Fixed in version can be changed to a version that doesn’t exist
0027350: When updating an issue, a Viewer user can be set as Reporter
0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
0027495: CVE-2020-28413: SQL injection in the parameter “access” on the mc_project_get_users function through the API SOAP.
0027444: Printing unsanitized user input in install.php
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mantis-php72 | < 2.24.4,1 | UNKNOWN |
FreeBSD | any | noarch | mantis-php73 | < 2.24.4,1 | UNKNOWN |
FreeBSD | any | noarch | mantis-php74 | < 2.24.4,1 | UNKNOWN |
FreeBSD | any | noarch | mantis-php80 | < 2.24.4,1 | UNKNOWN |