Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the View Bugs page.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mantis | Mantis | 0.15.12 | 0.15.12 |
Mantis | Mantis | 0.15.3 | 0.15.3 |
Mantis | Mantis | 0.15.9 | 0.15.9 |
Mantis | Mantis | 0.17.0 | 0.17.0 |
Mantis | Mantis | 0.15.10 | 0.15.10 |
Mantis | Mantis | 0.16.1 | 0.16.1 |
Mantis | Mantis | 0.15.4 | 0.15.4 |
Mantis | Mantis | 0.15.11 | 0.15.11 |
Mantis | Mantis | 0.17.2 | 0.17.2 |
Mantis | Mantis | 0.15.7 | 0.15.7 |
Mantis | Mantis | 0.17.3 | 0.17.3 |
Mantis | Mantis | 0.17.1 | 0.17.1 |
Mantis | Mantis | 0.15.5 | 0.15.5 |
Mantis | Mantis | 0.16.0 | 0.16.0 |
Mantis | Mantis | 0.15.8 | 0.15.8 |
Mantis | Mantis | 0.15.6 | 0.15.6 |