Lucene search

RedhatCVELIST:CVE-2012-2691

HistoryJun 17, 2012 - 1:00 a.m.

CVE-2012-2691

2012-06-1701:00:00

redhat

www.cve.org

AI Score

6.1

Confidence

High

EPSS

0.017

Percentile

87.9%

JSON

The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.

References

lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html

secunia.com/advisories/49414

secunia.com/advisories/51199

security.gentoo.org/glsa/glsa-201211-01.xml

www.mantisbt.org/bugs/changelog_page.php?version_id=148

www.mantisbt.org/bugs/view.php?id=14340

www.openwall.com/lists/oss-security/2012/06/09/1

www.openwall.com/lists/oss-security/2012/06/11/6

www.securityfocus.com/bid/53907

www.securityfocus.com/bid/56467

exchange.xforce.ibmcloud.com/vulnerabilities/76180

github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0

github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e