CVE-2014-9506

MantisBT < 1.2.17 - Authenticated Exposure of Sensitive Information via Monitored Issue Email

Title source: llm
STIX 2.1

Description

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/955
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62101
Vendor Advisory x_refsource_confirm
https://www.mantisbt.org/bugs/view.php?id=9885
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3120

Scores

EPSS 0.0096
EPSS Percentile 57.3%

Details

CWE
CWE-200
Status published
Products (1)
mantisbt/mantisbt < 1.2.17
Published Jan 04, 2015
Tracked Since Feb 18, 2026