Launchpad CVE tracker

CVE 2006-6574

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

Related bugs and status

CVE-2006-6574 (Candidate) is related to these bugs:

Bug #185021: [mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities

		In	Importance	Status
185021	[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities	mantis (Ubuntu)	Undecided	Fix Released
185021	[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities	mantis (Debian)	Unknown	Fix Released
185021	[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities	mantis (Ubuntu Dapper)	Undecided	Won't Fix
185021	[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities	mantis (Ubuntu Edgy)	Undecided	Won't Fix
185021	[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities	mantis (Ubuntu Feisty)	Undecided	Won't Fix
185021	[mantis] [CVE-2006-6574] [CVE-2007-6611] remote vulnerabilities	mantis (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-6574

References