Vulnerability Description
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MantisBT | MantisBT | 1.3.0 |
Related Weaknesses (CWE)
References
- http://sourceforge.net/p/mantisbt/mailman/message/32948048/ (Patch)
- http://www.openwall.com/lists/oss-security/2016/01/02/1
- http://www.openwall.com/lists/oss-security/2016/01/03/2
- http://www.securitytracker.com/id/1035518
- https://mantisbt.org/bugs/view.php?id=20277 (Patch)
FAQ
What is CVE-2014-9759?
CVE-2014-9759 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information ...
How severe is CVE-2014-9759?
CVE-2014-9759 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9759?
Check the references section above for vendor advisories and patch information. Affected products include: MantisBT.