Lucene search
PRIOn knowledge basePRION:CVE-2008-4688HistoryOct 22, 2008 - 6:00 p.m.
Design/Logic Flaw
2008-10-2218:00:00
PRIOn knowledge base
www.prio-n.com
2
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue’s title and status via a request with a modified issue number.
References
mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285&r2=5384&pathrev=5384
secunia.com/advisories/32243
secunia.com/advisories/32975
www.gentoo.org/security/en/glsa/glsa-200812-07.xml
www.mantisbt.org/bugs/changelog_page.php
www.mantisbt.org/bugs/view.php?id=9321
www.openwall.com/lists/oss-security/2008/10/20/1
www.securityfocus.com/bid/31868
Related
cvelist
cvelist
CVE-2008-4688
2008-10-22 17:00:00
nvd
nvd
CVE-2008-4688
2008-10-22 18:00:01
canvas
canvas
Immunity Canvas: MANTIS113
2008-10-22 18:00:00
redhatcve
redhatcve
CVE-2008-4688
2019-10-04 20:36:47
ubuntucve
ubuntucve
CVE-2008-4688
2008-10-22 00:00:00
cve
cve
CVE-2008-4688
2008-10-22 18:00:01
gentoo
gentoo
Mantis: Multiple vulnerabilities
2008-12-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200812-07 (mantisbt)
2008-12-03 00:00:00
Gentoo Security Advisory GLSA 200812-07 (mantisbt)
2008-12-03 00:00:00
nessus
nessus
GLSA-200812-07 : Mantis: Multiple vulnerabilities
2008-12-03 00:00:00
securityvulns
securityvulns