CVE-2008-4689

Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-10-22 18:00

Updated : 2024-02-28 11:21


NVD link : CVE-2008-4689

Mitre link : CVE-2008-4689

CVE.ORG link : CVE-2008-4689


JSON object : View

Products Affected

mantis

  • mantis
CWE
CWE-287

Improper Authentication