CVE-2012-1121

MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
http://secunia.com/advisories/48258	Vendor Advisory
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://www.mantisbt.org/bugs/changelog_page.php?version_id=140
http://www.mantisbt.org/bugs/view.php?id=13561
http://www.openwall.com/lists/oss-security/2012/03/06/9
http://www.securityfocus.com/bid/52313
https://github.com/mantisbt/mantisbt/commit/9443258724e84cb388aa1865b775beaecd80596d	Exploit Patch
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
http://secunia.com/advisories/48258	Vendor Advisory
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://www.mantisbt.org/bugs/changelog_page.php?version_id=140
http://www.mantisbt.org/bugs/view.php?id=13561
http://www.openwall.com/lists/oss-security/2012/03/06/9
http://www.securityfocus.com/bid/52313
https://github.com/mantisbt/mantisbt/commit/9443258724e84cb388aa1865b775beaecd80596d	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mantisbt:mantisbt::::::::
	cpe:2.3:a:mantisbt:mantisbt:0.18.0:::::::*
	cpe:2.3:a:mantisbt:mantisbt:0.19.0:::::::*
	cpe:2.3:a:mantisbt:mantisbt:0.19.0:a1::::::
	cpe:2.3:a:mantisbt:mantisbt:0.19.0:a2::::::
	cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1::::::
	cpe:2.3:a:mantisbt:mantisbt:0.19.1:::::::*
	cpe:2.3:a:mantisbt:mantisbt:0.19.2:::::::*
	cpe:2.3:a:mantisbt:mantisbt:0.19.3:::::::*
	cpe:2.3:a:mantisbt:mantisbt:0.19.4:::::::*
	cpe:2.3:a:mantisbt:mantisbt:0.19.5:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a1::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a2::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5::::::
	cpe:2.3:a:mantisbt:mantisbt:1.0.1:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.2:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.3:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.4:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.5:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.6:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.7:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.8:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.0.9:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:a1::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:a2::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:a3::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:a4::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:rc1::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:rc2::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.0:rc3::::::
	cpe:2.3:a:mantisbt:mantisbt:1.1.1:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.2:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.3:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.4:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.5:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.6:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.7:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.8:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.1.9:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.0:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1::::::
	cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2::::::
	cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3::::::
	cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1::::::
	cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2::::::
	cpe:2.3:a:mantisbt:mantisbt:1.2.1:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.2:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.3:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.4:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.5:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.6:::::::*
	cpe:2.3:a:mantisbt:mantisbt:1.2.7:::::::*

History

No history.

Information

Published : 2012-06-29 19:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-1121

Mitre link : CVE-2012-1121

CVE.ORG link : CVE-2012-1121

JSON object : View

Products Affected

mantisbt

mantisbt

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.9 /10