CVE-2014-9117

Priority
Description
MantisBT before 1.2.18 uses the public_key parameter value as the key to
the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA
protection mechanism by leveraging knowledge of a CAPTCHA answer for a
public_key parameter value, as demonstrated by E4652 for the public_key
value 0.
Notes
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
More Information

Updated: 2020-09-10 03:13:21 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)