fkie_nvd - fkie_cve-2012-2692

fkie_cve-2012-2692

Vulnerability from fkie_nvd

Published

2012-06-17 03:41

Modified

2024-11-21 01:39

Severity ?

Summary

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
secalert@redhat.com	http://secunia.com/advisories/51199
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201211-01.xml
secalert@redhat.com	http://www.mantisbt.org/bugs/changelog_page.php?version_id=148
secalert@redhat.com	http://www.mantisbt.org/bugs/view.php?id=14016
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/06/09/1
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/06/11/6
secalert@redhat.com	http://www.securityfocus.com/bid/53921
secalert@redhat.com	https://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51199
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201211-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/changelog_page.php?version_id=148
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/view.php?id=14016
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/06/09/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/06/11/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53921
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c	Patch

Impacted products

Vendor	Product	Version
mantisbt	mantisbt	*
mantisbt	mantisbt	0.18.0
mantisbt	mantisbt	0.19.0
mantisbt	mantisbt	0.19.0
mantisbt	mantisbt	0.19.0
mantisbt	mantisbt	0.19.0
mantisbt	mantisbt	0.19.1
mantisbt	mantisbt	0.19.2
mantisbt	mantisbt	0.19.3
mantisbt	mantisbt	0.19.4
mantisbt	mantisbt	0.19.5
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.1
mantisbt	mantisbt	1.0.2
mantisbt	mantisbt	1.0.3
mantisbt	mantisbt	1.0.4
mantisbt	mantisbt	1.0.5
mantisbt	mantisbt	1.0.6
mantisbt	mantisbt	1.0.7
mantisbt	mantisbt	1.0.8
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.1
mantisbt	mantisbt	1.1.2
mantisbt	mantisbt	1.1.4
mantisbt	mantisbt	1.1.5
mantisbt	mantisbt	1.1.6
mantisbt	mantisbt	1.1.7
mantisbt	mantisbt	1.1.8
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.1
mantisbt	mantisbt	1.2.2
mantisbt	mantisbt	1.2.3
mantisbt	mantisbt	1.2.4
mantisbt	mantisbt	1.2.5
mantisbt	mantisbt	1.2.6
mantisbt	mantisbt	1.2.7
mantisbt	mantisbt	1.2.8
mantisbt	mantisbt	1.2.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE1D8387-0DCB-476C-8789-561074548E01",
              "versionEndIncluding": "1.2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83F757-4B62-441C-8421-15809E573A83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A608AFEC-B265-4143-99DA-BB2AE9D522BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "A826DA75-7DEE-4E96-9B00-347508BBCFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "06663B16-0609-4FCF-9B42-6BF30D25E67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7FCB56AC-4C14-49B1-BEFE-8651BC70476E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F59BAE6B-C73D-4BE2-AEF9-93F2F4A4373F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DA5C2F-FB7C-4D95-81DE-24D8EADC5C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A3FBD5-163C-4990-B809-A5C9C81A3C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FDF456-9648-4A7C-B15A-2828A32D4962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:0.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE8BCBE-D864-4311-B73A-DF92162D8DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2602F7-2D93-4E1E-9425-4EDD23752029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "482256A6-B213-4226-AF03-9F93164AA337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "1F005474-CEBD-48FC-9C7F-861AFF771081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "BEF461E5-24D2-4540-A2FC-E0D4C3488B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62F6B391-DDE3-4E8E-8582-85EA7287E591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "80DBD667-1FB9-4354-9150-A190D4D817A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F27E40C0-263F-452B-8C91-E621A02EFC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "CB888B14-EA67-4EDB-A3AF-ACD3F0A6227E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "1DB45A02-2522-4E10-BC81-48750ACB42DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DE3BE3-D6C9-4905-9E61-B70776460604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F128A2E2-D509-4B50-95C2-1A31C5B3B31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "140D5F68-1CAB-458C-BC8B-4F726D657FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D25F4F5-7678-41C1-93CB-305883A08527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A1316D-314B-4740-A836-D5E6319F4B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97298C43-B881-4C11-ADB6-17A8E43EB84E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7257ADD7-C9B7-4F85-AA13-615DD033FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FE950B-5E29-4FAA-9BE5-79F38B4C38F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F2BA78-D054-4E49-ABCA-637922898BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4595B1E3-25AB-489E-A847-FDBF2554DD6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11A8F17-5253-475B-89FF-A26EA7531E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A88B09D-CDCF-45FD-B004-13B597DA4F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "49583BE8-B832-4E9F-B154-47A26C72489D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2501F40-3630-4528-BE0A-61D4BB6EC7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF77ABF-0A03-437A-B241-1EF2BBB83D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9DA2615A-CD65-4765-AB0A-D72C2BEB00F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "7D09CC46-DFA2-408D-8720-05C23E73C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66AB537-6FBA-4A51-B10C-BF61F54BC01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50835BF-D28B-47FF-81F0-C34D95D6F2E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0EB9A6-1DFD-4C17-A002-0899DA252A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA33285-3EE7-43FD-8347-E7D9A18DC134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8827C2B4-EBEC-4D64-9AC8-07A048467F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F32DFF4-6448-46FD-9358-4FB1C310EC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20328CE4-0488-43B8-AA64-A6CB2230C74C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDEB950-D3F4-4B96-B456-B8441DC403D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments."
    },
    {
      "lang": "es",
      "value": "MantisBT anterior a v1.2.11 no comprueba el permiso delete_attachments_threshold form_security_validation cuando est\u00e1 en OFF, lo que permite a usuarios remotos autenticados con ciertos privilegios eludir las restricciones de acceso previstas y eliminar archivos adjuntos arbitrarios."
    }
  ],
  "id": "CVE-2012-2692",
  "lastModified": "2024-11-21T01:39:27.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:41.907",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=148"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mantisbt.org/bugs/view.php?id=14016"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/09/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/11/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53921"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mantisbt.org/bugs/view.php?id=14016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/11/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-2692

Vulnerability from cvelistv5

Published

2012-06-17 01:00

Modified

2024-08-06 19:42