CVE-2002-1111

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*

History

20 Nov 2024, 23:40

Type Values Removed Values Added
References () http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt - () http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt -
References () http://marc.info/?l=bugtraq&m=102978873620491&w=2 - () http://marc.info/?l=bugtraq&m=102978873620491&w=2 -
References () http://www.debian.org/security/2002/dsa-153 - Patch, Vendor Advisory () http://www.debian.org/security/2002/dsa-153 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/5515 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/5515 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/9898 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/9898 -

Information

Published : 2002-10-04 04:00

Updated : 2024-11-20 23:40


NVD link : CVE-2002-1111

Mitre link : CVE-2002-1111

CVE.ORG link : CVE-2002-1111


JSON object : View

Products Affected

mantis

  • mantis
CWE
CWE-264

Permissions, Privileges, and Access Controls