Описание
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 1.1.6+dfsg-2 |
| gutsy | ignored | end of life, was needed |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | not-affected | 1.1.6+dfsg-2 |
| karmic | not-affected | 1.1.6+dfsg-2 |
| lucid | not-affected | 1.1.6+dfsg-2 |
| maverick | not-affected | 1.1.6+dfsg-2 |
| natty | not-affected | 1.1.6+dfsg-2 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
core/string_api.php in Mantis before 1.1.3 does not check the privileg ...
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
EPSS
5 Medium
CVSS2