← voltar
CVE-2012-5523

CVE-2012-5523

EPSS 1.9%
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.htmlhttp://openwall.com/lists/oss-security/2012/11/14/1https://exchange.xforce.ibmcloud.com/vulnerabilities/80070http://www.mantisbt.org/bugs/changelog_page.php?version_id=150http://www.mantisbt.org/bugs/view.php?id=14704http://www.securityfocus.com/bid/56520