Vulnerability Name:
CVE-2004-2666 (CCN-17982)
Assigned:
2004-11-08
Published:
2004-11-08
Updated:
2008-09-05
Summary:
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Obtain Information
References:
Source: CCN
Type: Mantis Security Advisory ID 0004341
Users removed from projects are still listed as 'monitoring' bugs
Source: CONFIRM
Type: UNKNOWN
http://bugs.mantisbugtracker.com/view.php?id=4724
Source: MITRE
Type: CNA
CVE-2004-2666
Source: MISC
Type: UNKNOWN
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24&r2=1.25
Source: MISC
Type: Patch
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log
Source: CCN
Type: Mantis Web page
Project: Mantis: Summary
Source: CCN
Type: OSVDB ID: 35979
Mantis view_history_threshold Bug History Disclosure
Source: CCN
Type: BID-11622
Mantis Multiple Information Disclosure Vulnerabilities
Source: XF
Type: UNKNOWN
mantis-monitor-obtain-information(17982)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:mantis:mantis:0.9:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.9.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.10:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.10.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.10.2:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.11:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.11.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.12:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.13:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.13.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.2:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.3:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.4:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.5:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.6:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.7:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.14.8:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.2:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.3:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.4:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.5:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.6:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.7:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.8:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.9:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.10:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.11:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.15.12:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.16:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17.3:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17.4:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.17.5:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.2:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18.3:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.18a1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.19:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*
OR
cpe:/a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
mantis
mantis 0.9
mantis
mantis 0.9.1
mantis
mantis 0.10
mantis
mantis 0.10.1
mantis
mantis 0.10.2
mantis
mantis 0.11
mantis
mantis 0.11.1
mantis
mantis 0.12
mantis
mantis 0.13
mantis
mantis 0.13.1
mantis
mantis 0.14
mantis
mantis 0.14.1
mantis
mantis 0.14.2
mantis
mantis 0.14.3
mantis
mantis 0.14.4
mantis
mantis 0.14.5
mantis
mantis 0.14.6
mantis
mantis 0.14.7
mantis
mantis 0.14.8
mantis
mantis 0.15
mantis
mantis 0.15.1
mantis
mantis 0.15.2
mantis
mantis 0.15.3
mantis
mantis 0.15.4
mantis
mantis 0.15.5
mantis
mantis 0.15.6
mantis
mantis 0.15.7
mantis
mantis 0.15.8
mantis
mantis 0.15.9
mantis
mantis 0.15.10
mantis
mantis 0.15.11
mantis
mantis 0.15.12
mantis
mantis 0.16
mantis
mantis 0.16.1
mantis
mantis 0.17
mantis
mantis 0.17.1
mantis
mantis 0.17.2
mantis
mantis 0.17.3
mantis
mantis 0.17.4
mantis
mantis 0.17.4a
mantis
mantis 0.17.5
mantis
mantis 0.18
mantis
mantis 0.18.0_rc1
mantis
mantis 0.18.0a1
mantis
mantis 0.18.0a2
mantis
mantis 0.18.0a3
mantis
mantis 0.18.0a4
mantis
mantis 0.18.1
mantis
mantis 0.18.2
mantis
mantis 0.18.3
mantis
mantis 0.18a1
mantis
mantis 0.19
mantis
mantis 0.19.0_rc1
mantis
mantis 0.19.0a
mantis
mantis 0.19.0a1
mantis
mantis 0.19.0a2
Denotes that component is vulnerable