CVE-2006-6574

Published: 15/12/2006 Updated: 29/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Mantis prior to 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote malicious users to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

Vulnerable Product

mantis mantis 1.0.0a1

mantis mantis 1.0.0a2

mantis mantis 1.0.6

mantis mantis

mantis mantis 1.0.0_rc1

mantis mantis 1.0.0_rc2

mantis mantis 1.0.0_rc3

mantis mantis 1.0.2

mantis mantis 1.0.3

mantis mantis 1.0.0_rc4

mantis mantis 1.0.0_rc5

mantis mantis 1.0.4

mantis mantis 1.0.5

mantis mantis 1.0.0

mantis mantis 1.0.0a3

mantis mantis 1.0.1

Vendor Advisories

Several remote vulnerabilities have been discovered in Mantis, a web based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-6574: Custom fields were not appropriately protected by per-item access control, allowing for sensitive data to be published.

CVE-2007-6611: Multiple ...