Vulnerability Description
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
CVSS Score
4.9
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mantisbt | Mantisbt | <= 1.2.8 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.h
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.h
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.h
- http://secunia.com/advisories/48258Vendor Advisory
- http://secunia.com/advisories/51199
- http://security.gentoo.org/glsa/glsa-201211-01.xml
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=140
- http://www.mantisbt.org/bugs/view.php?id=13561
- http://www.openwall.com/lists/oss-security/2012/03/06/9
- http://www.securityfocus.com/bid/52313
- https://github.com/mantisbt/mantisbt/commit/9443258724e84cb388aa1865b775beaecd80ExploitPatch
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.h
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.h
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.h
- http://secunia.com/advisories/48258Vendor Advisory
FAQ
What is CVE-2012-1121?
CVE-2012-1121 is a vulnerability with a CVSS score of 4.9 (MEDIUM). MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
How severe is CVE-2012-1121?
CVE-2012-1121 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1121?
Check the references section above for vendor advisories and patch information. Affected products include: Mantisbt Mantisbt.