Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.5
CVE Id CVE-2012-5522
Last Modified 22 Aug 2013 02:46:39
Published 15 Nov 2012 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5522

Summary

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.

Vulnerable Systems

Application

  • Mantisbt 0.18.0

  • Mantisbt 0.19.0

  • Mantisbt 0.19.1

  • Mantisbt 0.19.2

  • Mantisbt 0.19.3

  • Mantisbt 0.19.4

  • Mantisbt 0.19.5

  • Mantisbt 1.0.0

  • Mantisbt 1.0.1

  • Mantisbt 1.0.2

  • Mantisbt 1.0.3

  • Mantisbt 1.0.4

  • Mantisbt 1.0.5

  • Mantisbt 1.0.6

  • Mantisbt 1.0.7

  • Mantisbt 1.0.8

  • Mantisbt 1.0.9

  • Mantisbt 1.1.0

  • Mantisbt 1.1.1

  • Mantisbt 1.1.2

  • Mantisbt 1.1.3

  • Mantisbt 1.1.4

  • Mantisbt 1.1.5

  • Mantisbt 1.1.6

  • Mantisbt 1.1.7

  • Mantisbt 1.1.8

  • Mantisbt 1.1.9

  • Mantisbt 1.2.0

  • Mantisbt 1.2.1

  • Mantisbt 1.2.10

  • Mantisbt 1.2.11

  • Mantisbt 1.2.2

  • Mantisbt 1.2.3

  • Mantisbt 1.2.4

  • Mantisbt 1.2.5

  • Mantisbt 1.2.6

  • Mantisbt 1.2.7

  • Mantisbt 1.2.8

  • Mantisbt 1.2.9


References

CONFIRM - http://www.mantisbt.org/bugs/view.php?id=14496

CONFIRM - http://www.mantisbt.org/bugs/changelog_page.php?version_id=150

MLIST - [oss-security] 20121114 Re: CVE request: mantis before 1.2.12

BID - 56520

FEDORA - FEDORA-2012-18294

FEDORA - FEDORA-2012-18299

FEDORA - FEDORA-2012-18273


Last Updated: 27 May 2016 10:58:28