Design/Logic Flaw

🗓️ 16 Nov 2012 00:55:00Reported by PRIOn knowledge baseType

core/email_api.php in MantisBT before 1.2.12 has improper email notification management, enabling authenticated users to access sensitive information by adding notes to restricted bugs

Reporter	Title	Published	Views	Family All 22
CVE	CVE-2012-5523	16 Nov 201200:00	–	cve
Cvelist	CVE-2012-5523	16 Nov 201200:00	–	cvelist
EUVD	EUVD-2012-5415	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 18 Update: mantis-1.2.12-1.fc18	23 Nov 201207:56	–	fedora
Fedora	[SECURITY] Fedora 17 Update: mantis-1.2.12-1.fc17	24 Nov 201203:25	–	fedora
Fedora	[SECURITY] Fedora 17 Update: mantis-1.2.15-1.fc17	25 Apr 201300:32	–	fedora
Fedora	[SECURITY] Fedora 17 Update: mantis-1.2.14-1.fc17	1 Apr 201303:32	–	fedora
Fedora	[SECURITY] Fedora 16 Update: mantis-1.2.12-1.fc16	24 Nov 201203:24	–	fedora
Tenable Nessus	Fedora 18 : mantis-1.2.12-1.fc18 (2012-18273)	26 Nov 201200:00	–	nessus
Tenable Nessus	Fedora 17 : mantis-1.2.12-1.fc17 (2012-18294)	26 Nov 201200:00	–	nessus

Source	Link
openwall	www.openwall.com/lists/oss-security/2012/11/14/1
mantisbt	www.mantisbt.org/bugs/changelog_page.php
mantisbt	www.mantisbt.org/bugs/view.php
securityfocus	www.securityfocus.com/bid/56520
lists	www.lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/80070

12 Jan 2021 18:05Current

6Medium risk

Vulners AI Score6

EPSS0.00447