CVE Vulnerabilities

CVE-2006-6574

Published: Dec 15, 2006 | Modified: Jul 29, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
RedHat/V2
RedHat/V3
Ubuntu: UNTRIAGED

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mantis | Mantis | * | 1.1.0a1 (including) |
| Mantis | Mantis | 1.0.0 (including) | 1.0.0 (including) |
| Mantis | Mantis | 1.0.0_rc1 (including) | 1.0.0_rc1 (including) |
| Mantis | Mantis | 1.0.0_rc2 (including) | 1.0.0_rc2 (including) |
| Mantis | Mantis | 1.0.0_rc3 (including) | 1.0.0_rc3 (including) |
| Mantis | Mantis | 1.0.0_rc4 (including) | 1.0.0_rc4 (including) |
| Mantis | Mantis | 1.0.0_rc5 (including) | 1.0.0_rc5 (including) |
| Mantis | Mantis | 1.0.0a1 (including) | 1.0.0a1 (including) |
| Mantis | Mantis | 1.0.0a2 (including) | 1.0.0a2 (including) |
| Mantis | Mantis | 1.0.0a3 (including) | 1.0.0a3 (including) |
| Mantis | Mantis | 1.0.1 (including) | 1.0.1 (including) |
| Mantis | Mantis | 1.0.2 (including) | 1.0.2 (including) |
| Mantis | Mantis | 1.0.3 (including) | 1.0.3 (including) |
| Mantis | Mantis | 1.0.4 (including) | 1.0.4 (including) |
| Mantis | Mantis | 1.0.5 (including) | 1.0.5 (including) |
| Mantis | Mantis | 1.0.6 (including) | 1.0.6 (including) |
| Mantis | Ubuntu | dapper | * |
| Mantis | Ubuntu | edgy | * |
| Mantis | Ubuntu | feisty | * |
| Mantis | Ubuntu | gutsy | * |
| Mantis | Ubuntu | upstream | * |

References