CVE-2004-2666

First published: Fri Dec 31 2004(Updated: )

Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mantis Mantis	=0.10.2
Mantis Mantis	=0.10
Mantis Mantis	=0.14.7
Mantis Mantis	=0.19
Mantis Mantis	=0.18.2
Mantis Mantis	=0.15.12
Mantis Mantis	=0.18.0a2
Mantis Mantis	=0.18.0a4
Mantis Mantis	=0.15.3
Mantis Mantis	=0.18
Mantis Mantis	=0.15.9
Mantis Mantis	=0.14.2
Mantis Mantis	=0.9.1
Mantis Mantis	=0.13
Mantis Mantis	=0.10.1
Mantis Mantis	=0.15.10
Mantis Mantis	=0.16.1
Mantis Mantis	=0.15.2
Mantis Mantis	=0.15.4
Mantis Mantis	=0.15.11
Mantis Mantis	=0.19.0a1
Mantis Mantis	=0.11
Mantis Mantis	=0.17.4a
Mantis Mantis	=0.14.5
Mantis Mantis	=0.19.0a2
Mantis Mantis	=0.18.0a3
Mantis Mantis	=0.17.2
Mantis Mantis	=0.18.3
Mantis Mantis	=0.14.3
Mantis Mantis	=0.15.7
Mantis Mantis	=0.17.3
Mantis Mantis	=0.19.0_rc1
Mantis Mantis	=0.17.1
Mantis Mantis	=0.19.0a
Mantis Mantis	=0.16
Mantis Mantis	=0.18.0_rc1
Mantis Mantis	=0.14.6
Mantis Mantis	=0.14.4
Mantis Mantis	=0.11.1
Mantis Mantis	=0.18.0a1
Mantis Mantis	=0.15.5
Mantis Mantis	=0.12
Mantis Mantis	=0.15.1
Mantis Mantis	=0.14.8
Mantis Mantis	=0.17.5
Mantis Mantis	=0.18a1
Mantis Mantis	=0.13.1
Mantis Mantis	=0.15.8
Mantis Mantis	=0.17.4
Mantis Mantis	=0.14.1
Mantis Mantis	=0.18.1
Mantis Mantis	=0.15.6
Mantis Mantis	=0.17
Mantis Mantis	=0.14
Mantis Mantis	=0.15
Mantis Mantis	=0.9

Remedy

http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/type
agent/event
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/mantis
canonical/mantis mantis
version/mantis mantis/0.10.2
version/mantis mantis/0.10
version/mantis mantis/0.14.7
version/mantis mantis/0.19
version/mantis mantis/0.18.2
version/mantis mantis/0.15.12
version/mantis mantis/0.18.0a2
version/mantis mantis/0.18.0a4
version/mantis mantis/0.15.3
version/mantis mantis/0.18
version/mantis mantis/0.15.9
version/mantis mantis/0.14.2
version/mantis mantis/0.9.1
version/mantis mantis/0.13
version/mantis mantis/0.10.1
version/mantis mantis/0.15.10
version/mantis mantis/0.16.1
version/mantis mantis/0.15.2
version/mantis mantis/0.15.4
version/mantis mantis/0.15.11
version/mantis mantis/0.19.0a1
version/mantis mantis/0.11
version/mantis mantis/0.17.4a
version/mantis mantis/0.14.5
version/mantis mantis/0.19.0a2
version/mantis mantis/0.18.0a3
version/mantis mantis/0.17.2
version/mantis mantis/0.18.3
version/mantis mantis/0.14.3
version/mantis mantis/0.15.7
version/mantis mantis/0.17.3
version/mantis mantis/0.19.0_rc1
version/mantis mantis/0.17.1
version/mantis mantis/0.19.0a
version/mantis mantis/0.16
version/mantis mantis/0.18.0_rc1
version/mantis mantis/0.14.6
version/mantis mantis/0.14.4
version/mantis mantis/0.11.1
version/mantis mantis/0.18.0a1
version/mantis mantis/0.15.5
version/mantis mantis/0.12
version/mantis mantis/0.15.1
version/mantis mantis/0.14.8
version/mantis mantis/0.17.5
version/mantis mantis/0.18a1
version/mantis mantis/0.13.1
version/mantis mantis/0.15.8
version/mantis mantis/0.17.4
version/mantis mantis/0.14.1
version/mantis mantis/0.18.1
version/mantis mantis/0.15.6
version/mantis mantis/0.17
version/mantis mantis/0.14
version/mantis mantis/0.15
version/mantis mantis/0.9

CVE-2004-2666

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact