CVE Vulnerabilities

CVE-2006-6574

Published: Dec 15, 2006 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

Affected Software

Name Vendor Start Version End Version
Mantis Mantis 1.0.6 1.0.6
Mantis Mantis 1.0.2 1.0.2
Mantis Mantis 1.0.4 1.0.4
Mantis Mantis 1.0.0_rc3 1.0.0_rc3
Mantis Mantis 1.0.0_rc1 1.0.0_rc1
Mantis Mantis 1.0.0_rc2 1.0.0_rc2
Mantis Mantis 1.0.0 1.0.0
Mantis Mantis 1.0.1 1.0.1
Mantis Mantis 1.0.0_rc4 1.0.0_rc4
Mantis Mantis 1.0.3 1.0.3
Mantis Mantis 1.0.5 1.0.5
Mantis Mantis 1.0.0a3 1.0.0a3
Mantis Mantis 1.0.0a1 1.0.0a1
Mantis Mantis 1.0.0a2 1.0.0a2
Mantis Mantis 1.0.0_rc5 1.0.0_rc5
Mantis Mantis * 1.1.0a1

References