Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5523

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2012-5523
Last Modified 22 Aug 2013 02:46:39
Published 15 Nov 2012 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5523

Summary

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.

Vulnerable Systems

Application

  • Mantisbt 0.18.0

  • Mantisbt 0.19.0

  • Mantisbt 0.19.1

  • Mantisbt 0.19.2

  • Mantisbt 0.19.3

  • Mantisbt 0.19.4

  • Mantisbt 0.19.5

  • Mantisbt 1.0.0

  • Mantisbt 1.0.1

  • Mantisbt 1.0.2

  • Mantisbt 1.0.3

  • Mantisbt 1.0.4

  • Mantisbt 1.0.5

  • Mantisbt 1.0.6

  • Mantisbt 1.0.7

  • Mantisbt 1.0.8

  • Mantisbt 1.0.9

  • Mantisbt 1.1.0

  • Mantisbt 1.1.1

  • Mantisbt 1.1.2

  • Mantisbt 1.1.3

  • Mantisbt 1.1.4

  • Mantisbt 1.1.5

  • Mantisbt 1.1.6

  • Mantisbt 1.1.7

  • Mantisbt 1.1.8

  • Mantisbt 1.1.9

  • Mantisbt 1.2.0

  • Mantisbt 1.2.1

  • Mantisbt 1.2.10

  • Mantisbt 1.2.11

  • Mantisbt 1.2.2

  • Mantisbt 1.2.3

  • Mantisbt 1.2.4

  • Mantisbt 1.2.5

  • Mantisbt 1.2.6

  • Mantisbt 1.2.7

  • Mantisbt 1.2.8

  • Mantisbt 1.2.9


References

CONFIRM - http://www.mantisbt.org/bugs/view.php?id=14704

CONFIRM - http://www.mantisbt.org/bugs/changelog_page.php?version_id=150

MLIST - [oss-security] 20121114 Re: CVE request: mantis before 1.2.12

XF - mantisbt-cloned-info-disc(80070)

BID - 56520

FEDORA - FEDORA-2012-18294

FEDORA - FEDORA-2012-18299

FEDORA - FEDORA-2012-18273


Last Updated: 27 May 2016 10:58:28