CVE-2015-5059

The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
mantisbtmantisbt
𝑥
≤ 1.2.19
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163191.html
http://www.openwall.com/lists/oss-security/2015/06/25/3
http://www.openwall.com/lists/oss-security/2015/06/25/4
http://www.securityfocus.com/bid/75414
https://bugzilla.redhat.com/show_bug.cgi?id=1237199
https://github.com/mantisbt/mantisbt/commit/a4be76d6e5c4939545d84712c79d3f8f4a108c4f
https://github.com/mantisbt/mantisbt/commit/f39cf5251953b468e9d921e1cf2aca3abdb00772
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163191.html
http://www.openwall.com/lists/oss-security/2015/06/25/3
http://www.openwall.com/lists/oss-security/2015/06/25/4
http://www.securityfocus.com/bid/75414
https://bugzilla.redhat.com/show_bug.cgi?id=1237199
https://github.com/mantisbt/mantisbt/commit/a4be76d6e5c4939545d84712c79d3f8f4a108c4f
https://github.com/mantisbt/mantisbt/commit/f39cf5251953b468e9d921e1cf2aca3abdb00772