CVE

CVE-2002-1112

Date: (C)2002-10-04   (M)2023-12-22

Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

http://marc.info/?l=bugtraq&m=102978673018271&w=2

BID-5514

DSA-153

http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt

mantis-private-project-bug-listing(9899)