CVE Vulnerabilities

CVE-2008-4689

Improper Authentication

Published: Oct 22, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Mantis Mantis 1.0.6 1.0.6
Mantis Mantis 1.0.2 1.0.2
Mantis Mantis * 1.1.2
Mantis Mantis 1.0.4 1.0.4
Mantis Mantis 1.0.8 1.0.8
Mantis Mantis 0.19.3 0.19.3
Mantis Mantis 1.0.7 1.0.7
Mantis Mantis 1.0.1 1.0.1
Mantis Mantis 1.0.3 1.0.3
Mantis Mantis 1.0.5 1.0.5
Mantis Mantis 1.1.1 1.1.1
Mantis Mantis 0.19.4 0.19.4

Potential Mitigations

References