View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0022737 | mantisbt | security | public | 2017-04-16 10:15 | 2020-12-30 09:14 |
Reporter | j_schultz | Assigned To | dregad | ||
Priority | urgent | Severity | block | Reproducibility | N/A |
Status | closed | Resolution | no change required | ||
Product Version | 2.3.0 | ||||
Summary | 0022737: CVE-2017-7615 bugfix needs to be made public as soon as possible | ||||
Description | My issue tracker running Mantis 2.3.0 was apparently attacked merely two hours after the issue was made semi-public on the security update miling list for Mantis. There is no point in keeping this information "confidential" anymore as instructed in the mail, it is already public knowledge by attackers. For instance, on my installation, the admin account was reset and all issues were deleted - not a big deal since I got backups, but still very annoying and other people might be worse off. | ||||
Tags | No tags attached. | ||||