Affected configuration(s):


Date published: 2016-04-11T17:59:00.163-04:00

Date last modified: 2016-12-02T22:02:12.987-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL:

Summary: Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.