Lucene search

Ubuntu.comUB:CVE-2015-5059

HistoryAug 01, 2017 - 12:00 a.m.

CVE-2015-5059

2017-08-0100:00:00

ubuntu.com

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.9%

JSON

The “Project Documentation” feature in MantisBT 1.2.19 and earlier, when
the threshold to access files ($g_view_proj_doc_threshold) is set to
ANYBODY, allows remote authenticated users to download attachments linked
to arbitrary private projects via a file id number in the file_id parameter
to file_download.php.

References

launchpad.net/bugs/cve/CVE-2015-5059

mantisbt.org/bugs/view.php?id=19873

nvd.nist.gov/vuln/detail/CVE-2015-5059

security-tracker.debian.org/tracker/CVE-2015-5059

www.cve.org/CVERecord?id=CVE-2015-5059

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.9%

JSON

Related for UB:CVE-2015-5059