| VID | 21390 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
Mantis, according to its version number, has multiple information disclosure vulnerabilities. Mantis is a freely available PHP-based bug tracking system that uses a MySQL backend database. Two vulnerabilities in Mantis versions prior to 0.19.1 can be exploited by malicious users to obtain potentially sensitive information:
1) The "All Projects" summary page discloses certain information about other projects for which the user has no access rights.
2) Users who have been removed from a project can continue to monitor bugs filed in that project. A malicious user can exploit this to keep receiving sensitive information after having been removed from the project.
* Note: This check relies solely on the version number reported by the Mantis installation on the remote web server to assess this vulnerability, so the result may be a false positive (for example, if the version banner is inaccurate or the fix was applied without changing the reported version).
* References: http://bugs.mantisbt.org/view.php?id=3117 http://bugs.mantisbt.org/view.php?id=4341 http://secunia.com/advisories/13111/
* Platforms Affected: Mantis versions prior to 0.19.1; any operating system, any version |
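The check described above is a pure version comparison, so its accuracy depends on parsing the reported Mantis version correctly, including pre-release tags such as "0.19.0rc1" that sort below the final release. The following is an added example, not code from the scanner or from the Mantis project: it extracts the version string from a footer of the form "Mantis x.y.z" (the sample HTML below is constructed for the example, as is the assumed footer layout) and reports whether it is older than the fixed release 0.19.1, returning `None` when no banner is found rather than guessing.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample of an old Mantis page footer carrying the version banner.
# The "Mantis x.y.z" layout is an assumption for this example, not a captured page.
SAMPLE_FOOTER = """
<div class="footer">
<span class="version">Mantis 0.19.0rc1</span>
</div>
"""

# First release that contains the fix, per the advisory above.
FIXED_VERSION = "0.19.1"

# Pre-release stages sort before the final release of the same number.
_STAGE_RANK = {"a": 0, "b": 1, "rc": 2, "": 3}
# One dotted component: digits, optional stage tag, optional stage number (e.g. "0rc1").
_PART_RE = re.compile(r"^(\d+)(a|b|rc)?(\d*)$")
# Version banner as assumed above, e.g. "Mantis 0.19.0.2" or "Mantis 0.19.0rc1".
_VERSION_RE = re.compile(r"Mantis\s+(\d+(?:\.\d+)*(?:(?:a|b|rc)\d*)?)", re.IGNORECASE)


def parse_version(ver: str) -> List[Tuple[int, int, int]]:
    """Turn '0.19.0rc1' into [(0,3,0), (19,3,0), (0,2,1)] so tuples compare correctly."""
    parts = []
    for piece in ver.split("."):
        m = _PART_RE.match(piece)
        if not m:
            raise ValueError(f"unparseable version component: {piece!r}")
        num, stage, stage_num = m.groups()
        parts.append((int(num), _STAGE_RANK[stage or ""], int(stage_num or 0)))
    return parts


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly older than version b."""
    pa, pb = parse_version(a), parse_version(b)
    # Pad the shorter list with final-release zeros so "0.19" equals "0.19.0".
    pad = (0, _STAGE_RANK[""], 0)
    n = max(len(pa), len(pb))
    pa += [pad] * (n - len(pa))
    pb += [pad] * (n - len(pb))
    return pa < pb


def extract_version(html: str) -> Optional[str]:
    """Pull the version string out of the page body, or None if no banner is present."""
    m = _VERSION_RE.search(html)
    return m.group(1) if m else None


def is_vulnerable(html: str) -> Optional[bool]:
    """None when the version cannot be determined (do not report), else the comparison result."""
    ver = extract_version(html)
    if ver is None:
        return None
    return version_lt(ver, FIXED_VERSION)


if __name__ == "__main__":
    found = extract_version(SAMPLE_FOOTER)
    print(f"reported version: {found}, older than {FIXED_VERSION}: {is_vulnerable(SAMPLE_FOOTER)}")
```

Because the result rests only on the banner, treat a positive finding as a lead to confirm on the host (check the installed files or the changelog), which is exactly the false-positive caveat the note above makes.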
| Recommendation |
Upgrade to Mantis 0.19.1 or later, available from the Mantis web site at http://www.mantisbt.org/index.php |
| Related URL | CVE-2004-2666 (CVE) |
| Related URL | 11622 (SecurityFocus) |
| Related URL | 17981, 17982 (ISS) |