CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS3: 5.3 Medium (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.005 Low (Percentile: 76.4%)

Incomplete blacklist vulnerability in the config_is_private function in
config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to
obtain sensitive master salt configuration information via a SOAP API
request.
Author | Note |
---|---|
mdeslaur | 1.3.0-beta.1 and higher only |
github.com/mantisbt/mantisbt/commit/7927c275
www.openwall.com/lists/oss-security/2016/01/02/1
launchpad.net/bugs/cve/CVE-2014-9759
mantisbt.org/bugs/view.php?id=20277
nvd.nist.gov/vuln/detail/CVE-2014-9759
security-tracker.debian.org/tracker/CVE-2014-9759
sourceforge.net/p/mantisbt/mailman/message/32948048/
www.cve.org/CVERecord?id=CVE-2014-9759