CVE-2012-5523
Published: Nov 16, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| FEDORA-2012-18299 | vendor-advisory, x_refsource_FEDORA |
| 56520 | vdb-entry, x_refsource_BID |
| mantisbt-cloned-info-disc(80070) | vdb-entry, x_refsource_XF |
| [oss-security] 20121114 Re: CVE request: mantis before 1.2.12 | mailing-list, x_refsource_MLIST |
| FEDORA-2012-18294 | vendor-advisory, x_refsource_FEDORA |
| http://www.mantisbt.org/bugs/changelog_page.php?version_id=150 | x_refsource_CONFIRM |
| FEDORA-2012-18273 | vendor-advisory, x_refsource_FEDORA |
| http://www.mantisbt.org/bugs/view.php?id=14704 | x_refsource_CONFIRM |