Lucene search

[email protected]NVD:CVE-2012-2692

HistoryJun 17, 2012 - 3:41 a.m.

CVE-2012-2692

2012-06-1703:41:41

CWE-264

[email protected]

web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:N/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.8%

JSON

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.

Affected configurations

NVD

Node

mantisbtmantisbtRange≤1.2.10

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.0alpha1

mantisbtmantisbtMatch1.2.0alpha2

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

mantisbtmantisbtMatch1.2.3

mantisbtmantisbtMatch1.2.4

mantisbtmantisbtMatch1.2.5

mantisbtmantisbtMatch1.2.6

mantisbtmantisbtMatch1.2.7

mantisbtmantisbtMatch1.2.8

mantisbtmantisbtMatch1.2.9

References

lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html

secunia.com/advisories/51199

security.gentoo.org/glsa/glsa-201211-01.xml

www.mantisbt.org/bugs/changelog_page.php?version_id=148

www.mantisbt.org/bugs/view.php?id=14016

www.openwall.com/lists/oss-security/2012/06/09/1

www.openwall.com/lists/oss-security/2012/06/11/6

www.securityfocus.com/bid/53921

github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c

3.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:N/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.8%

JSON

Related for NVD:CVE-2012-2692

cvelist1 ubuntucve1 prion1 cve1 freebsd1 openvas14 nessus6 debian1 osv1 fedora5 gentoo1