|
|
CVE Reference: CVE-2008-4688 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4688 |
|
|
Description: core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA32975 Secunia Advisory: SA32243 MLIST http://www.openwall.com/lists/oss-security/2008/10/20/1 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml CONFIRM http://www.mantisbt.org/bugs/view.php?id=9321 http://www.mantisbt.org/bugs/changelog_page.php http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285&r2=5384&pathrev=5384 BID 31868 |
|
| Return to the previous page. |
