oss-sec mailing list archives

Re: CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script


From: cve-assign () mitre org
Date: Fri, 5 Dec 2014 10:36:16 -0500 (EST)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The unattended upgrade script retrieved DB connection settings from POST
parameters, allowing an attacker to get the script to connect to their host
with the current DB config credentials.

Use CVE-2014-9279.

- ---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
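
The flaw described in the message above, shown as an added example that is not part of the original message and is not MantisBT's code: a per-field fallback from request parameters to stored settings, beside a lookup that reads the stored configuration only. The function names, configuration keys, host names and values are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the stored configuration (not MantisBT's real keys or values).
const STORED_CONFIG = [
    'hostname' => 'db.internal.example',
    'username' => 'tracker',
    'password' => 'stored-secret',
];

// Vulnerable pattern: each field falls back to the stored value independently,
// so a request that sets only "hostname" sends the stored username and
// password to whatever host the request names.
function db_settings_vulnerable(array $config, array $post): array
{
    $settings = [];
    foreach (['hostname', 'username', 'password'] as $key) {
        $settings[$key] = $post[$key] ?? $config[$key];
    }
    return $settings;
}

// Hardened pattern: an unattended script has no operator input to honour,
// so connection settings come from the stored configuration only.
function db_settings_hardened(array $config, array $post): array
{
    $ignored = array_intersect(array_keys($post), array_keys($config));
    if ($ignored !== []) {
        // Worth logging: a normal unattended run never sends these fields.
        error_log('upgrade: ignoring request-supplied DB fields: ' . implode(',', $ignored));
    }
    return [
        'hostname' => $config['hostname'],
        'username' => $config['username'],
        'password' => $config['password'],
    ];
}

// Constructed request body that overrides only the host.
$post = ['hostname' => 'other-host.example'];

$v = db_settings_vulnerable(STORED_CONFIG, $post);
$h = db_settings_hardened(STORED_CONFIG, $post);

printf("vulnerable: %s@%s (stored password sent: %s)\n", $v['username'], $v['hostname'],
    $v['password'] === STORED_CONFIG['password'] ? 'yes' : 'no');
printf("hardened:   %s@%s\n", $h['username'], $h['hostname']);
```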

