CVE-2009-20001

An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.

CVSS v3 8.1 HIGH
CVSS v2.0 5.5 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://mantisbt.org/bugs/view.php?id=11296	Issue Tracking Vendor Advisory
https://mantisbt.org/bugs/view.php?id=27976	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-03-07 20:15

Updated : 2024-02-28 18:08

NVD link : CVE-2009-20001

Mitre link : CVE-2009-20001

CVE.ORG link : CVE-2009-20001

JSON object : View

Products Affected

mantisbt

mantisbt

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2009-20001", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-03-07T20:15:12.427", "references": [{"url": "https://mantisbt.org/bugs/view.php?id=11296", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://mantisbt.org/bugs/view.php?id=27976", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them."}, {"lang": "es", "value": "Se detect\u00f3 un problema en MantisBT versiones anteriores a 2.24.5. Asocia una cadena de cookies \u00fanica con cada usuario. Esta cadena no se restablece al cerrar la sesi\u00f3n (es decir, la sesi\u00f3n del usuario a\u00fan se considera v\u00e1lida y activa), lo que permite que un atacante que de alguna manera obtuvo acceso a la cookie de un usuario inicie sesi\u00f3n como \u00e9l"}], "lastModified": "2021-03-11T21:13:28.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8527F3A-9A9B-47FF-AAE6-2BC22AD9508C", "versionEndExcluding": "2.24.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}