CVE-2014-9759

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mantisbt:mantisbt:1.3.0:rc1:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-11 21:59

Updated : 2024-02-04 18:53


NVD link : CVE-2014-9759

Mitre link : CVE-2014-9759

CVE.ORG link : CVE-2014-9759


JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor