CVE-2006-6574

NameCVE-2006-6574
DescriptionMantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1467-1
Debian Bugs402802

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mantissourcesarge0.19.2-5sarge5
mantissource(unstable)1.0.6+dfsg-3402802

Search for package or bug name: Reporting problems