Lucene search

MitreCVE-2014-9279

HistoryDec 08, 2014 - 4:59 p.m.

CVE-2014-9279

2014-12-0816:59:12

CWE-200

mitre

web.nvd.nist.gov

cve-2014-9279

mantisbt

database credentials

remote attackers

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.005

Percentile

76.4%

JSON

The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.

Affected configurations

Nvd

Node

mantisbtmantisbtMatch1.0.0a3

mantisbtmantisbtMatch1.0.0rc1

mantisbtmantisbtMatch1.0.0rc2

mantisbtmantisbtMatch1.0.0rc3

mantisbtmantisbtMatch1.0.0rc4

mantisbtmantisbtMatch1.0.0rc5

mantisbtmantisbtMatch1.0.1

mantisbtmantisbtMatch1.0.2

mantisbtmantisbtMatch1.0.3

mantisbtmantisbtMatch1.0.4

mantisbtmantisbtMatch1.0.5

mantisbtmantisbtMatch1.0.6

mantisbtmantisbtMatch1.0.7

mantisbtmantisbtMatch1.0.8

mantisbtmantisbtMatch1.0.9

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.0a1

mantisbtmantisbtMatch1.1.0a2

mantisbtmantisbtMatch1.1.0a3

mantisbtmantisbtMatch1.1.0a4

mantisbtmantisbtMatch1.1.0rc1

mantisbtmantisbtMatch1.1.0rc2

mantisbtmantisbtMatch1.1.0rc3

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.1.3

mantisbtmantisbtMatch1.1.4

mantisbtmantisbtMatch1.1.5

mantisbtmantisbtMatch1.1.6

mantisbtmantisbtMatch1.1.7

mantisbtmantisbtMatch1.1.8

mantisbtmantisbtMatch1.1.9

mantisbtmantisbtMatch1.2.0

mantisbtmantisbtMatch1.2.0alpha1

mantisbtmantisbtMatch1.2.0alpha2

mantisbtmantisbtMatch1.2.0alpha3

mantisbtmantisbtMatch1.2.0rc1

mantisbtmantisbtMatch1.2.0rc2

mantisbtmantisbtMatch1.2.1

mantisbtmantisbtMatch1.2.10

mantisbtmantisbtMatch1.2.11

mantisbtmantisbtMatch1.2.12

mantisbtmantisbtMatch1.2.13

mantisbtmantisbtMatch1.2.14

mantisbtmantisbtMatch1.2.15

mantisbtmantisbtMatch1.2.16

mantisbtmantisbtMatch1.2.17

VendorProductVersionCPE
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*
mantisbtmantisbt1.0.0cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*
mantisbtmantisbt1.0.1cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*
mantisbtmantisbt1.0.2cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*
mantisbtmantisbt1.0.3cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*
mantisbtmantisbt1.0.4cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4::::::
mantisbt	mantisbt	1.0.0	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5::::::
mantisbt	mantisbt	1.0.1	cpe:2.3:a:mantisbt:mantisbt:1.0.1:::::::*
mantisbt	mantisbt	1.0.2	cpe:2.3:a:mantisbt:mantisbt:1.0.2:::::::*
mantisbt	mantisbt	1.0.3	cpe:2.3:a:mantisbt:mantisbt:1.0.3:::::::*
mantisbt	mantisbt	1.0.4	cpe:2.3:a:mantisbt:mantisbt:1.0.4:::::::*