Incomplete Blacklist Vulnerability in MantisBT 1.3.x: Unauthorized Access to Sensitive Configuration Information

CVE-2014-9759 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.
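
The weakness class described above, shown as an added example that is not MantisBT's code: a denylist-based privacy check lets any unlisted secret through, while an allowlist keeps new options private by default. The option names, values and functions (`is_private_denylist`, `is_private_allowlist`, `api_get_config`) are constructed for illustration.

```php
<?php
// Added illustration; option names and functions are constructed, not MantisBT code.

// Constructed sample configuration.
$config = [
    'window_title'     => 'Issue Tracker',
    'default_language' => 'english',
    'db_password'      => 'constructed-db-secret',
    'master_salt'      => 'constructed-salt-value',
];

// Denylist approach: anything not listed is treated as public.
// 'master_salt' was never added to the list, so it falls through.
function is_private_denylist(string $option): bool
{
    $private = ['db_password'];
    return in_array($option, $private, true);
}

// Allowlist approach: only options explicitly marked public are readable,
// so a newly introduced secret stays private until someone reviews it.
function is_private_allowlist(string $option): bool
{
    $public = ['window_title', 'default_language'];
    return !in_array($option, $public, true);
}

// Hypothetical remote getter, standing in for an API method that returns config values.
function api_get_config(array $config, string $option, callable $is_private): ?string
{
    if (!array_key_exists($option, $config) || $is_private($option)) {
        return null; // refuse unknown or private options
    }
    return $config[$option];
}

// Compare both checks on a public option, a listed secret and an unlisted secret.
foreach (['window_title', 'db_password', 'master_salt'] as $option) {
    $deny  = api_get_config($config, $option, 'is_private_denylist');
    $allow = api_get_config($config, $option, 'is_private_allowlist');
    printf(
        "%-14s denylist=%-8s allowlist=%s\n",
        $option,
        $deny === null ? 'refused' : 'returned',
        $allow === null ? 'refused' : 'returned'
    );
}
```

Only the `master_salt` row differs between the two checks: the denylist returns it, the allowlist refuses it.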
