Vulnerability Name:

CVE-2012-1118 (CCN-73710)

Assigned:2012-03-06
Published:2012-03-06
Updated:2013-08-27
Summary:The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2012-1118

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18273

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18299

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18294

Source: CCN
Type: SA48258
MantisBT Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
48258

Source: SECUNIA
Type: Vendor Advisory
49572

Source: SECUNIA
Type: UNKNOWN
51199

Source: GENTOO
Type: UNKNOWN
GLSA-201211-01

Source: DEBIAN
Type: UNKNOWN
DSA-2500

Source: DEBIAN
Type: DSA-2500
mantis -- several vulnerabilities

Source: CCN
Type: MantisBT Web Site
Mantis Bug Tracker

Source: CONFIRM
Type: UNKNOWN
http://www.mantisbt.org/bugs/changelog_page.php?version_id=140

Source: CCN
Type: MantisBT ID: 0010124
Bug in access_has_bug_level

Source: CONFIRM
Type: UNKNOWN
http://www.mantisbt.org/bugs/view.php?id=10124

Source: MLIST
Type: UNKNOWN
[oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9

Source: CCN
Type: OSVDB ID: 79834
MantisBT access_has_bug_level() Function Private Bug Information Disclosure

Source: BID
Type: UNKNOWN
52313

Source: CCN
Type: BID-52313
MantisBT Multiple Security Bypass Vulnerabilities

Source: XF
Type: UNKNOWN
mantisbt-accesshasbuglevel-sec-bypass(73710)

Source: CONFIRM
Type: Exploit, Patch
https://github.com/mantisbt/mantisbt/commit/eb803ed02105fc919cf5f789e939f2b824162927

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.0a1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.0a2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:0.19.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0a1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0a2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.0a3:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.0a1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.0a2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:*:*:*:*:*:*:*:* (Version <= 1.2.8)

    • Configuration CCN 1:
  • cpe:/a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:19825
    P
    		DSA-2500-1 mantis - several
    2014-06-23
    oval:com.ubuntu.precise:def:20121118000
    V
    		CVE-2012-1118 on Ubuntu 12.04 LTS (precise) - medium.
    2012-06-29
    BACK
    mantisbt mantisbt 0.18.0
    mantisbt mantisbt 0.19.0
    mantisbt mantisbt 0.19.0 rc1
    mantisbt mantisbt 0.19.0a1
    mantisbt mantisbt 0.19.0a2
    mantisbt mantisbt 0.19.1
    mantisbt mantisbt 0.19.2
    mantisbt mantisbt 0.19.3
    mantisbt mantisbt 0.19.4
    mantisbt mantisbt 0.19.5
    mantisbt mantisbt 1.0.0
    mantisbt mantisbt 1.0.0 rc1
    mantisbt mantisbt 1.0.0 rc2
    mantisbt mantisbt 1.0.0 rc3
    mantisbt mantisbt 1.0.0 rc4
    mantisbt mantisbt 1.0.0 rc5
    mantisbt mantisbt 1.0.0a1
    mantisbt mantisbt 1.0.0a2
    mantisbt mantisbt 1.0.0a3
    mantisbt mantisbt 1.0.1
    mantisbt mantisbt 1.0.2
    mantisbt mantisbt 1.0.3
    mantisbt mantisbt 1.0.4
    mantisbt mantisbt 1.0.5
    mantisbt mantisbt 1.0.6
    mantisbt mantisbt 1.0.7
    mantisbt mantisbt 1.0.8
    mantisbt mantisbt 1.1.0
    mantisbt mantisbt 1.1.1
    mantisbt mantisbt 1.1.2
    mantisbt mantisbt 1.1.4
    mantisbt mantisbt 1.1.5
    mantisbt mantisbt 1.1.6
    mantisbt mantisbt 1.1.7
    mantisbt mantisbt 1.1.8
    mantisbt mantisbt 1.2.0
    mantisbt mantisbt 1.2.0a1
    mantisbt mantisbt 1.2.0a2
    mantisbt mantisbt 1.2.1
    mantisbt mantisbt 1.2.2
    mantisbt mantisbt 1.2.3
    mantisbt mantisbt 1.2.4
    mantisbt mantisbt 1.2.5
    mantisbt mantisbt 1.2.6
    mantisbt mantisbt 1.2.7
    mantisbt mantisbt *
    mantisbt mantisbt 1.2.1
    mantisbt mantisbt 1.2.2
    mantisbt mantisbt 1.2.3
    mantisbt mantisbt 1.2.6
    mantisbt mantisbt 1.2.4
    mantisbt mantisbt 1.2.7
    mantisbt mantisbt 1.2.8