Mantis Custom Fields Information Disclosure Vulnerability

BID:21566

Info

Mantis Custom Fields Information Disclosure Vulnerability

Bugtraq ID: 21566
Class: Unknown
CVE: CVE-2006-6574
Remote: Yes
Local: No
Published: Dec 12 2006 12:00AM
Updated: Jan 22 2008 05:18PM
Credit: This vulnerability was disclosed by the vendor.
Vulnerable: Mantis Mantis 1.0.1
Mantis Mantis 1.0 .0RC4
Mantis Mantis 1.0 .0RC3
Mantis Mantis 1.0 .0rc2
Mantis Mantis 1.0 .0rc1
Mantis Mantis 1.0 .0a3
Mantis Mantis 1.0 .0a2
Mantis Mantis 1.0 .0a1
Mantis Mantis 1.0
Mantis Mantis 0.19.4
Mantis Mantis 0.19.3
Mantis Mantis 0.19.2
Mantis Mantis 0.19.1
Mantis Mantis 0.19 .0RC1
Mantis Mantis 0.19 .0a2
Mantis Mantis 0.19 .0a1
Mantis Mantis 0.19 .0a
Mantis Mantis 0.19 .0
Mantis Mantis 0.18.3
Mantis Mantis 0.18.2
Mantis Mantis 0.18 a1
Mantis Mantis 0.18 0rc1
Mantis Mantis 0.18 0a4
Mantis Mantis 0.18 0a3
Mantis Mantis 0.18 0a2
Mantis Mantis 0.18
Mantis Mantis 0.17.5
Mantis Mantis 0.17.5
Mantis Mantis 0.17.4 a
Mantis Mantis 0.17.4 a
Mantis Mantis 0.17.4
Mantis Mantis 0.17.4
Mantis Mantis 0.17.3
Mantis Mantis 0.17.3
Mantis Mantis 0.17.2
Mantis Mantis 0.17.2
Mantis Mantis 0.17.1
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
Mantis Mantis 0.17.1
Mantis Mantis 0.17 .0
Mantis Mantis 0.17
Mantis Mantis 0.16.1
Mantis Mantis 0.16.1
Mantis Mantis 0.16 .0
Mantis Mantis 0.16
Mantis Mantis 0.15.12
Mantis Mantis 0.15.12
Mantis Mantis 0.15.11
Mantis Mantis 0.15.11
Mantis Mantis 0.15.10
Mantis Mantis 0.15.9
Mantis Mantis 0.15.9
Mantis Mantis 0.15.8
Mantis Mantis 0.15.8
Mantis Mantis 0.15.7
Mantis Mantis 0.15.7
Mantis Mantis 0.15.6
Mantis Mantis 0.15.6
Mantis Mantis 0.15.5
Mantis Mantis 0.15.5
Mantis Mantis 0.15.4
Mantis Mantis 0.15.4
Mantis Mantis 0.15.3
Mantis Mantis 0.15.3
Mantis Mantis 0.15.2
Mantis Mantis 0.15.1
Mantis Mantis 0.15
Mantis Mantis 0.14.8
Mantis Mantis 0.14.7
Mantis Mantis 0.14.6
Mantis Mantis 0.14.5
Mantis Mantis 0.14.4
Mantis Mantis 0.14.3
Mantis Mantis 0.14.2
Mantis Mantis 0.14.1
Mantis Mantis 0.14
Mantis Mantis 0.13.1
Mantis Mantis 0.13
Mantis Mantis 0.12
Mantis Mantis 0.11.1
Mantis Mantis 0.11
Mantis Mantis 0.10.2
Mantis Mantis 0.10.1
Mantis Mantis 0.10
Mantis Mantis 0.9.1
Mantis Mantis 0.9
Mantis Mantis 1.0.0 RC5
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Not Vulnerable: Mantis Mantis 1.1.0a2

Discussion

Mantis Custom Fields Information Disclosure Vulnerability

Mantis is prone to an information-disclosure vulnerability because the application fails to protect private information.

Attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.

Versions prior to 1.1.0a2 are vulnerable.

Exploit / POC

Mantis Custom Fields Information Disclosure Vulnerability

An attacker can exploit this issue through a web browser.

Solution / Fix

Mantis Custom Fields Information Disclosure Vulnerability

Solution:
The vendor released Mantis 1.1.0a2 to address this issue. Please see the references for more information.


Mantis Mantis 1.0.0 RC5

Mantis Mantis 0.10

Mantis Mantis 0.10.1

Mantis Mantis 0.10.2

Mantis Mantis 0.11

Mantis Mantis 0.12

Mantis Mantis 0.13

Mantis Mantis 0.13.1

Mantis Mantis 0.14

Mantis Mantis 0.14.1

Mantis Mantis 0.14.2

Mantis Mantis 0.14.3

Mantis Mantis 0.14.4

Mantis Mantis 0.14.5

Mantis Mantis 0.14.8

Mantis Mantis 0.15.1

Mantis Mantis 0.15.10

Mantis Mantis 0.15.11

Mantis Mantis 0.15.11

Mantis Mantis 0.15.12

Mantis Mantis 0.15.12

Mantis Mantis 0.15.2

Mantis Mantis 0.15.3

Mantis Mantis 0.15.3

Mantis Mantis 0.15.4

Mantis Mantis 0.15.5

Mantis Mantis 0.15.6

Mantis Mantis 0.15.6

Mantis Mantis 0.15.7

Mantis Mantis 0.15.7

Mantis Mantis 0.15.8

Mantis Mantis 0.15.8

Mantis Mantis 0.15.9

Mantis Mantis 0.16

Mantis Mantis 0.16.1

Mantis Mantis 0.17 .0

Mantis Mantis 0.17

Mantis Mantis 0.17.1

Mantis Mantis 0.17.1

Mantis Mantis 0.17.2

Mantis Mantis 0.17.2

Mantis Mantis 0.17.3

Mantis Mantis 0.17.3

Mantis Mantis 0.17.4

Mantis Mantis 0.17.4 a

Mantis Mantis 0.17.4 a

Mantis Mantis 0.17.4

Mantis Mantis 0.17.5

Mantis Mantis 0.18 0a2

Mantis Mantis 0.18 0a4

Mantis Mantis 0.18 a1

Mantis Mantis 0.18 0rc1

Mantis Mantis 0.18 0a3

Mantis Mantis 0.18

Mantis Mantis 0.18.2

Mantis Mantis 0.18.3

Mantis Mantis 0.19 .0a2

Mantis Mantis 0.19 .0a1

Mantis Mantis 0.19 .0

Mantis Mantis 0.19 .0a

Mantis Mantis 0.19.1

Mantis Mantis 0.19.2

Mantis Mantis 0.19.3

Mantis Mantis 0.19.4

Mantis Mantis 0.9

Mantis Mantis 0.9.1

Mantis Mantis 1.0 .0rc2

Mantis Mantis 1.0 .0RC3

Mantis Mantis 1.0 .0a1

Mantis Mantis 1.0 .0a2

Mantis Mantis 1.0

Mantis Mantis 1.0 .0rc1

Mantis Mantis 1.0 .0a3

Mantis Mantis 1.0 .0RC4

Mantis Mantis 1.0.1

References

Mantis Custom Fields Information Disclosure Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report