CVE-2012-5522

EUVD-2012-5414
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
mantisbtmantisbt
𝑥
≤ 1.2.11
mantisbtmantisbt
0.18.0
mantisbtmantisbt
0.19.0
mantisbtmantisbt
0.19.0:a1
mantisbtmantisbt
0.19.0:a2
mantisbtmantisbt
0.19.0:rc1
mantisbtmantisbt
0.19.1
mantisbtmantisbt
0.19.2
mantisbtmantisbt
0.19.3
mantisbtmantisbt
0.19.4
mantisbtmantisbt
0.19.5
mantisbtmantisbt
1.0.0
mantisbtmantisbt
1.0.0:a1
mantisbtmantisbt
1.0.0:a2
mantisbtmantisbt
1.0.0:a3
mantisbtmantisbt
1.0.0:rc1
mantisbtmantisbt
1.0.0:rc2
mantisbtmantisbt
1.0.0:rc3
mantisbtmantisbt
1.0.0:rc4
mantisbtmantisbt
1.0.0:rc5
mantisbtmantisbt
1.0.1
mantisbtmantisbt
1.0.2
mantisbtmantisbt
1.0.3
mantisbtmantisbt
1.0.4
mantisbtmantisbt
1.0.5
mantisbtmantisbt
1.0.6
mantisbtmantisbt
1.0.7
mantisbtmantisbt
1.0.8
mantisbtmantisbt
1.0.9
mantisbtmantisbt
1.1.0
mantisbtmantisbt
1.1.0:a1
mantisbtmantisbt
1.1.0:a2
mantisbtmantisbt
1.1.0:a3
mantisbtmantisbt
1.1.0:a4
mantisbtmantisbt
1.1.0:rc1
mantisbtmantisbt
1.1.0:rc2
mantisbtmantisbt
1.1.0:rc3
mantisbtmantisbt
1.1.1
mantisbtmantisbt
1.1.2
mantisbtmantisbt
1.1.3
mantisbtmantisbt
1.1.4
mantisbtmantisbt
1.1.5
mantisbtmantisbt
1.1.6
mantisbtmantisbt
1.1.7
mantisbtmantisbt
1.1.8
mantisbtmantisbt
1.1.9
mantisbtmantisbt
1.2.0
mantisbtmantisbt
1.2.0:alpha1
mantisbtmantisbt
1.2.0:alpha2
mantisbtmantisbt
1.2.0:alpha3
mantisbtmantisbt
1.2.0:rc1
mantisbtmantisbt
1.2.0:rc2
mantisbtmantisbt
1.2.1
mantisbtmantisbt
1.2.2
mantisbtmantisbt
1.2.3
mantisbtmantisbt
1.2.4
mantisbtmantisbt
1.2.5
mantisbtmantisbt
1.2.6
mantisbtmantisbt
1.2.7
mantisbtmantisbt
1.2.8
mantisbtmantisbt
1.2.9
mantisbtmantisbt
1.2.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
hardy
ignored
lucid
ignored
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
http://openwall.com/lists/oss-security/2012/11/14/1
http://www.mantisbt.org/bugs/changelog_page.php?version_id=150
http://www.mantisbt.org/bugs/view.php?id=14496
http://www.securityfocus.com/bid/56520
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html
http://openwall.com/lists/oss-security/2012/11/14/1
http://www.mantisbt.org/bugs/changelog_page.php?version_id=150
http://www.mantisbt.org/bugs/view.php?id=14496
http://www.securityfocus.com/bid/56520