CVE-2012-1119

MantisBT < 1.2.9 - Unauthenticated Bug Report Copy Without Audit Log

Title source: llm
STIX 2.1

Description

MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.

References (14)

Core 14
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52313
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2500
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201211-01.xml
Various Sources x_refsource_confirm
http://www.mantisbt.org/bugs/view.php?id=13816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49572
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51199
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/06/9
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48258

Scores

EPSS 0.0366
EPSS Percentile 88.2%

Details

CWE
CWE-264
Status published
Products (28)
mantisbt/mantisbt 0.18.0
mantisbt/mantisbt 0.19.0 (4 CPE variants)
mantisbt/mantisbt 0.19.1
mantisbt/mantisbt 0.19.2
mantisbt/mantisbt 0.19.3
mantisbt/mantisbt 0.19.4
mantisbt/mantisbt 0.19.5
mantisbt/mantisbt 1.0.0 (9 CPE variants)
mantisbt/mantisbt 1.0.1
mantisbt/mantisbt 1.0.2
... and 18 more
Published Jun 29, 2012
Tracked Since Feb 18, 2026