Vulnerability CVE-2012-1122 - CERT Civis.Net

Vulnerability Name:

CVE-2012-1122 (CCN-76612)

Assigned:

2012-06-03

Published:

2012-06-03

Updated:

2013-08-27

Summary:

bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:P)
2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2012-1122

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18273

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18299

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18294

Source: CCN
Type: SA48258
MantisBT Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
48258

Source: SECUNIA
Type: Vendor Advisory
49572

Source: SECUNIA
Type: UNKNOWN
51199

Source: GENTOO
Type: UNKNOWN
GLSA-201211-01

Source: DEBIAN
Type: UNKNOWN
DSA-2500

Source: DEBIAN
Type: DSA-2500
mantis -- several vulnerabilities

Source: CCN
Type: MantisBT Web Site
Mantis Bug Tracker

Source: CONFIRM
Type: UNKNOWN
http://www.mantisbt.org/bugs/changelog_page.php?version_id=140

Source: CCN
Type: MantisBT ID: 0013748
Can't move bugs from projects with access < report_bug_threshold

Source: CONFIRM
Type: UNKNOWN
http://www.mantisbt.org/bugs/view.php?id=13748

Source: MLIST
Type: UNKNOWN
[oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9

Source: CCN
Type: OSVDB ID: 83223
MantisBT Cross-project Bug Moving Access Check Unspecified issue

Source: BID
Type: UNKNOWN
52313

Source: CCN
Type: BID-52313
MantisBT Multiple Security Bypass Vulnerabilities

Source: XF
Type: UNKNOWN
mantisbt-threshold-sec-bypass(76612)

Source: CONFIRM
Type: Exploit, Patch
https://github.com/mantisbt/mantisbt/commit/0da3f7ace233208eb3c8d628cc2fd6e56d83839f

Vulnerable Configuration:

Configuration 1:

cpe:/a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.0a1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.0a2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:0.19.5:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0a1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0a2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.0a3:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.0:-:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.0a1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.0a2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:*:*:*:*:*:*:*:* (Version <= 1.2.8)

Configuration CCN 1:

cpe:/a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:19825	P	DSA-2500-1 mantis - several	2014-06-23
oval:com.ubuntu.precise:def:20121122000	V	CVE-2012-1122 on Ubuntu 12.04 LTS (precise) - medium.	2012-06-29