Lucene search

RedhatCVE-2012-5522

HistoryNov 16, 2012 - 12:55 a.m.

CVE-2012-5522

2012-11-1600:55:01

CWE-264

redhat

web.nvd.nist.gov

mantisbt

cve-2012-5522

security bypass

access restriction

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

68.7%

JSON

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.

Affected configurations

Nvd

Node

mantisbtmantisbtRange≤1.2.11

mantisbtmantisbtMatch0.18.0

mantisbtmantisbtMatch0.19.0

mantisbtmantisbtMatch0.19.0a1

mantisbtmantisbtMatch0.19.0a2

mantisbtmantisbtMatch0.19.0rc1

mantisbtmantisbtMatch0.19.1

mantisbtmantisbtMatch0.19.2

mantisbtmantisbtMatch0.19.3

mantisbtmantisbtMatch0.19.4

mantisbtmantisbtMatch0.19.5

mantisbtmantisbtMatch1.0.0

mantisbtmantisbtMatch1.0.0a1

mantisbtmantisbtMatch1.0.0a2

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.0.9

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.0a1

mantisbtmantisbtMatch1.1.0a2

mantisbtmantisbtMatch1.1.0a3

mantisbtmantisbtMatch1.1.0a4

mantisbtmantisbtMatch1.1.0rc1

mantisbtmantisbtMatch1.1.0rc2

mantisbtmantisbtMatch1.1.0rc3

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.3

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.1.9

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.0alpha1

mantisbtmantisbtMatch1.2.0alpha2

mantisbtmantisbtMatch1.2.0alpha3

mantisbtmantisbtMatch1.2.0rc1

mantisbtmantisbtMatch1.2.0rc2

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.2

mantisbtmantisbtMatch1.2.3

mantisbtmantisbtMatch1.2.4

mantisbtmantisbtMatch1.2.5

mantisbtmantisbtMatch1.2.6

mantisbtmantisbtMatch1.2.7

mantisbtmantisbtMatch1.2.8

mantisbtmantisbtMatch1.2.9

mantisbtmantisbtMatch1.2.10

VendorProductVersionCPE
mantisbtmantisbt*cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
mantisbtmantisbt0.18.0cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:a1:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:a2:*:*:*:*:*:*
mantisbtmantisbt0.19.0cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*
mantisbtmantisbt0.19.1cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*
mantisbtmantisbt0.19.2cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*
mantisbtmantisbt0.19.3cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
mantisbtmantisbt0.19.4cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	*	cpe:2.3:a:mantisbt:mantisbt::::::::
mantisbt	mantisbt	0.18.0	cpe:2.3:a:mantisbt:mantisbt:0.18.0:::::::*
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:::::::*
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:a1::::::
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:a2::::::
mantisbt	mantisbt	0.19.0	cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1::::::
mantisbt	mantisbt	0.19.1	cpe:2.3:a:mantisbt:mantisbt:0.19.1:::::::*
mantisbt	mantisbt	0.19.2	cpe:2.3:a:mantisbt:mantisbt:0.19.2:::::::*
mantisbt	mantisbt	0.19.3	cpe:2.3:a:mantisbt:mantisbt:0.19.3:::::::*
mantisbt	mantisbt	0.19.4	cpe:2.3:a:mantisbt:mantisbt:0.19.4:::::::*