CVE-2014-9759CVE-2014-9759

Affected configuration(s):

cpe:/a:mantisbt:mantisbt:1.3.0:rc1

Date published: 2016-04-11T17:59:00.163-04:00

Date last modified: 2016-12-02T22:02:12.987-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://sourceforge.net/p/mantisbt/mailman/message/32948048/

Summary: Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.