Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
2006-12-14T01:28:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mantis | mantis | ≤ 1.1.0a1 | Yes |
| Application | mantis | mantis | 1.0.0 | Yes |
| Application | mantis | mantis | 1.0.0_rc1 | Yes |
| Application | mantis | mantis | 1.0.0_rc2 | Yes |
| Application | mantis | mantis | 1.0.0_rc3 | Yes |
| Application | mantis | mantis | 1.0.0_rc4 | Yes |
| Application | mantis | mantis | 1.0.0_rc5 | Yes |
| Application | mantis | mantis | 1.0.0a1 | Yes |
| Application | mantis | mantis | 1.0.0a2 | Yes |
| Application | mantis | mantis | 1.0.0a3 | Yes |
| Application | mantis | mantis | 1.0.1 | Yes |
| Application | mantis | mantis | 1.0.2 | Yes |
| Application | mantis | mantis | 1.0.3 | Yes |
| Application | mantis | mantis | 1.0.4 | Yes |
| Application | mantis | mantis | 1.0.5 | Yes |
| Application | mantis | mantis | 1.0.6 | Yes |