VIR Vulnerability Intelligence Relay

CVE-2012-1119

medium
Published 2012-06-29 · Modified 2026-04-29
CVSS v3
CVSS v2
6.4
VIR risk
6.4

Description

MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/mantisbt/mantisbt/commit/dea7e315f3fc96dfa995e56e8810845fc07a47aa

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/mantisbt/mantisbt/commit/cf5df427f17cf9204645f83e000665780eb9afe6

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/49572

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48258

Application impact
VendorProductVersionsFixed
mantisbtmantisbt{"endIncluding":"1.2.8"}
mantisbtmantisbt0.18.0
mantisbtmantisbt0.19.0
mantisbtmantisbt0.19.1
mantisbtmantisbt0.19.2
mantisbtmantisbt0.19.3
mantisbtmantisbt0.19.4
mantisbtmantisbt0.19.5
mantisbtmantisbt1.0.0
mantisbtmantisbt1.0.1
mantisbtmantisbt1.0.2
mantisbtmantisbt1.0.3
mantisbtmantisbt1.0.4
mantisbtmantisbt1.0.5
mantisbtmantisbt1.0.6
mantisbtmantisbt1.0.7
mantisbtmantisbt1.0.8
mantisbtmantisbt1.0.9
mantisbtmantisbt1.1.0
mantisbtmantisbt1.1.1
mantisbtmantisbt1.1.2
mantisbtmantisbt1.1.3
mantisbtmantisbt1.1.4
mantisbtmantisbt1.1.5
mantisbtmantisbt1.1.6
mantisbtmantisbt1.1.7
mantisbtmantisbt1.1.8
mantisbtmantisbt1.1.9
mantisbtmantisbt1.2.0
mantisbtmantisbt1.2.1
mantisbtmantisbt1.2.2
mantisbtmantisbt1.2.3
mantisbtmantisbt1.2.4
mantisbtmantisbt1.2.5
mantisbtmantisbt1.2.6
mantisbtmantisbt1.2.7

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.