oss-sec mailing list archives

Re: CVE Request: information disclosure in MantisBT attachments


From: cve-assign () mitre org
Date: Wed, 19 Nov 2014 18:14:10 -0500 (EST)


MantisBT issue attachments can be downloaded without permission.

Due to an incorrect access check, by guessing the download URL
correctly, unprivileged users can download files from a private project
with restricted access to attachments, i.e. where
$g_download_attachments_threshold /
$g_view_attachments_threshold are set e.g. to 55 (developer), if another
project to which they have access does not restrict attachments download.

http://github.com/mantisbt/mantisbt/commit/5f0b150b79868ea9d791e2c46b45b3f41b410e50
http://www.mantisbt.org/bugs/view.php?id=17742

Use CVE-2014-8988.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

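As an added illustration, not MantisBT's code and not part of the advisory above, the following Python model contrasts the two access checks the report describes: one that evaluates the download threshold in whatever project the user is currently browsing, and one that first resolves the project that owns the attachment. Project ids, user ids, the level constants and the field names are constructed for the example.

```python
from dataclasses import dataclass, field

# Access levels, constructed to mirror MantisBT's numeric scheme (55 = developer).
ANYBODY, VIEWER, REPORTER, DEVELOPER = 0, 10, 25, 55


@dataclass
class Project:
    id: int
    download_threshold: int          # per-project $g_download_attachments_threshold
    members: dict = field(default_factory=dict)  # user_id -> access level


@dataclass
class Attachment:
    id: int
    project_id: int                  # the project that owns the attachment


def user_level(project: Project, user_id: int) -> int:
    return project.members.get(user_id, ANYBODY)


def vulnerable_can_download(user_id, attachment, current_project, projects):
    # Flawed check: threshold and membership come from the project the user is
    # currently browsing; the attachment's own project is never consulted.
    return user_level(current_project, user_id) >= current_project.download_threshold


def fixed_can_download(user_id, attachment, current_project, projects):
    # Correct check: resolve the owning project from the attachment itself and
    # evaluate that project's threshold against the user's level there.
    owner = projects[attachment.project_id]
    return user_level(owner, user_id) >= owner.download_threshold


def demo():
    """Constructed scenario from the advisory: returns (vulnerable, fixed) verdicts."""
    private = Project(1, download_threshold=DEVELOPER, members={7: REPORTER})
    public = Project(2, download_threshold=VIEWER, members={7: REPORTER})
    projects = {p.id: p for p in (private, public)}
    attachment = Attachment(42, project_id=private.id)
    # User 7 requests the private project's attachment while project 2 is current.
    return (vulnerable_can_download(7, attachment, public, projects),
            fixed_can_download(7, attachment, public, projects))


if __name__ == "__main__":
    print(demo())  # (True, False): the flawed check leaks, the fixed one denies
```

The detection takeaway is the same as the fix: any decision about an attachment must be keyed on the attachment's owning project, so a check that never looks up that project is the thing to audit for.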
