Candidate: CVE-2008-4688
PublicDate: 2008-10-22 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688
Description:
 core/string_api.php in Mantis before 1.1.3 does not check the privileges of
 the viewer before composing a link with issue data in the source anchor,
 which allows remote attackers to discover an issue's title and status via a
 request with a modified issue number.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mantis:
upstream_mantis: released (1.1.3)
dapper_mantis: ignored (reached end-of-life)
gutsy_mantis: needed (reached end-of-life)
hardy_mantis: ignored (reached end-of-life)
intrepid_mantis: needed (reached end-of-life)
jaunty_mantis: not-affected (1.1.6+dfsg-2)
karmic_mantis: not-affected (1.1.6+dfsg-2)
lucid_mantis: not-affected (1.1.6+dfsg-2)
maverick_mantis: not-affected (1.1.6+dfsg-2)
natty_mantis: not-affected (1.1.6+dfsg-2)
oneiric_mantis: not-affected (1.1.6+dfsg-2)
devel_mantis: not-affected (1.1.6+dfsg-2)