CVE-2014-9759

Published: Apr 11, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20160103 Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings

mailing-list

x_refsource_MLIST

https://mantisbt.org/bugs/view.php?id=20277

x_refsource_CONFIRM

[oss-security] 20160102 CVE Request: MantisBT SOAP API can be used to disclose confidential settings

mailing-list

x_refsource_MLIST

1035518

vdb-entry

x_refsource_SECTRACK

http://sourceforge.net/p/mantisbt/mailman/message/32948048/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9759

Description

Affected Products

References