Vulnerability CVE-2008-4688 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4688 (CCN-46087)

Assigned:

2008-10-20

Published:

2008-10-20

Updated:

2009-02-10

Summary:

core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Gentoo Bugzilla Bug 241940
www-apps/mantisbt < 1.1.3: Logout functionality is broken (CVE-2008-4689)

Source: MITRE
Type: CNA
CVE-2008-4688

Source: CONFIRM
Type: UNKNOWN
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285&r2=5384&pathrev=5384

Source: CCN
Type: SA32243
Mantis Referenced Reports Information Disclosure Security Issue

Source: SECUNIA
Type: UNKNOWN
32243

Source: SECUNIA
Type: UNKNOWN
32975

Source: CCN
Type: GLSA-200812-07
Mantis: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200812-07

Source: CCN
Type: Mantis Web site
mantisbt - Change Log, mantisbt - 1.1.4 (released 2008-10-18)

Source: CONFIRM
Type: UNKNOWN
http://www.mantisbt.org/bugs/changelog_page.php

Source: CCN
Type: Mantis Bug ID: 0009321
Users can get title and status of issues that they don't have access to.

Source: CONFIRM
Type: UNKNOWN
http://www.mantisbt.org/bugs/view.php?id=9321

Source: CCN
Type: oss-security Mailing List, Mon, 20 Oct 2008 09:16:52 +0200
Re: CVE request: mantisbt < 1.1.4: RCE

Source: MLIST
Type: UNKNOWN
[oss-security] 20081020 Re: CVE request: mantisbt < 1.1.4: RCE

Source: CCN
Type: OSVDB ID: 49477
Mantis core/string_api.php Modified Issue Number Remote Information Disclosure

Source: BID
Type: UNKNOWN
31868

Source: CCN
Type: BID-31868
Mantis 'string_api.php' Issue Number Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
mantis-stringapi-info-disclosure(46087)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mantis:mantis:0.19.3:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:0.19.4:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:*:*:*:*:*:*:*:* (Version <= 1.1.3)

Configuration CCN 1:

cpe:/a:mantis:mantis:0.19.4:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:0.19.3:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:mantis:mantis:1.0.7:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable