ID |
CVE-2008-4688
|
Sažetak |
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. |
Reference |
|
CVSS |
Base: | 5.0 |
Impact: | 2.9 |
Exploitability: | 10.0 |
|
Pristup |
Vektor | Složenost | Autentikacija |
NETWORK |
LOW |
NONE |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
PARTIAL |
NONE |
NONE |
|
CVSS vektor |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
Zadnje važnije ažuriranje |
10-02-2009 - 06:56 |
Objavljeno |
22-10-2008 - 18:00 |