Required CVE Record Information
Description
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
References 8 Total
- lists.fedoraproject.org: FEDORA-2012-18299 vendor-advisory
- securityfocus.com: 56520 vdb-entry
- exchange.xforce.ibmcloud.com: mantisbt-cloned-info-disc(80070) vdb-entry
- openwall.com: [oss-security] 20121114 Re: CVE request: mantis before 1.2.12 mailing-list
- lists.fedoraproject.org: FEDORA-2012-18294 vendor-advisory
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=150
- lists.fedoraproject.org: FEDORA-2012-18273 vendor-advisory
- http://www.mantisbt.org/bugs/view.php?id=14704
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- lists.fedoraproject.org: FEDORA-2012-18299 vendor-advisory x_transferred
- securityfocus.com: 56520 vdb-entry x_transferred
- exchange.xforce.ibmcloud.com: mantisbt-cloned-info-disc(80070) vdb-entry x_transferred
- openwall.com: [oss-security] 20121114 Re: CVE request: mantis before 1.2.12 mailing-list x_transferred
- lists.fedoraproject.org: FEDORA-2012-18294 vendor-advisory x_transferred
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=150 x_transferred
- lists.fedoraproject.org: FEDORA-2012-18273 vendor-advisory x_transferred
- http://www.mantisbt.org/bugs/view.php?id=14704 x_transferred