Описание
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-1121
- https://github.com/mantisbt/mantisbt/commit/9443258724e84cb388aa1865b775beaecd80596d
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
- http://secunia.com/advisories/48258
- http://secunia.com/advisories/51199
- http://security.gentoo.org/glsa/glsa-201211-01.xml
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=140
- http://www.mantisbt.org/bugs/view.php?id=13561
- http://www.openwall.com/lists/oss-security/2012/03/06/9
- http://www.securityfocus.com/bid/52313
EPSS
CVE ID
Связанные уязвимости
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
MantisBT before 1.2.9 does not properly check permissions, which allow ...
EPSS