Candidate: CVE-2014-8553
PublicDate: 2014-12-17 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8553
 https://www.mantisbt.org/bugs/view.php?id=17243 (currently private)
 https://github.com/mantisbt/mantisbt/commit/f779e3d4394a0638d822849863c4098421d911c5
Description:
 The mci_account_get_array_by_id function in api/soap/mc_account_api.php in
 MantisBT before 1.2.18 allows remote attackers to obtain sensitive
 information via a (1) mc_project_get_users, (2) mc_issue_get, (3)
 mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mantis:
upstream_mantis: needs-triage
lucid_mantis: ignored (reached end-of-life)
precise_mantis: ignored (reached end-of-life)
precise/esm_mantis: DNE (precise was needed)
trusty_mantis: DNE
trusty/esm_mantis: DNE
utopic_mantis: DNE
vivid_mantis: DNE
vivid/stable-phone-overlay_mantis: DNE
vivid/ubuntu-core_mantis: DNE
wily_mantis: DNE
xenial_mantis: DNE
yakkety_mantis: DNE
zesty_mantis: DNE
devel_mantis: DNE