Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2666

Description

Mantis before 20041016 exposes full bug history regardless of view_history_threshold, allowing remote attackers to view private bug details from any bug's web page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In Mantis versions before 20041016, the history_inc.php script does not enforce the view_history_threshold setting. This results in the complete Issue History (Bug History) being displayed on every bug's web page, regardless of the user's permissions. Any remote attacker can access the history by visiting a bug's page, such as view.php?id=X. Affected versions are all Mantis installations prior to the 20041016 release [1][2].
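A minimal model of the missing check described above, added here as an example; it is not Mantis source code. The function names, access levels and history rows are hypothetical, and only the `view_history_threshold` setting name comes from the advisory.

```php
<?php
// Added illustration; not Mantis source code. All names and values are hypothetical.

// Constructed access levels (higher = more privileged).
const ANONYMOUS = 0;
const REPORTER  = 25;
const DEVELOPER = 55;

// Constructed configuration: only DEVELOPER and above may read issue history.
$g_config = ['view_history_threshold' => DEVELOPER];

// Constructed history rows for one issue.
$g_history = [
    ['2004-10-01', 'status', 'new => assigned'],
    ['2004-10-02', 'note',   'private note added'],
];

// Behaviour described in the advisory: the include prints the history
// for every viewer and never consults view_history_threshold.
function render_history_unchecked(array $rows, int $viewer_level): string
{
    return format_history($rows);
}

// Hardened form: compare the viewer's level with the configured threshold
// before emitting anything, and fail closed if the setting is missing.
function render_history_checked(array $rows, int $viewer_level, array $config): string
{
    $threshold = $config['view_history_threshold'] ?? PHP_INT_MAX;
    return $viewer_level < $threshold ? '' : format_history($rows);
}

function format_history(array $rows): string
{
    $out = '';
    foreach ($rows as [$date, $field, $change]) {
        $out .= htmlspecialchars("$date $field $change") . "\n";
    }
    return $out;
}

// Regression check: a viewer below the threshold must receive no history.
foreach (['ANONYMOUS' => ANONYMOUS, 'REPORTER' => REPORTER, 'DEVELOPER' => DEVELOPER] as $name => $level) {
    $unchecked = render_history_unchecked($g_history, $level) !== '' ? 'shown' : 'hidden';
    $checked   = render_history_checked($g_history, $level, $g_config) !== '' ? 'shown' : 'hidden';
    printf("%-9s unchecked=%s checked=%s\n", $name, $unchecked, $checked);
}
```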

Exploitation

An attacker simply navigates to a bug's web page. No authentication or special privileges are required; the history is always shown. The attacker can retrieve the entire history by requesting the bug's detail page in a web browser or via HTTP requests.

Impact

An attacker gains unauthorized access to sensitive information contained in the bug history, including private comments, status changes, and potentially confidential details such as security vulnerabilities, customer data, or internal discussions. This information is intended to be restricted by the view_history_threshold configuration.

Mitigation

The vulnerability is fixed in Mantis version 20041016. Administrators should upgrade to this version or later. No workarounds are documented in the available references [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Mantisbt/Mantis: 56 versions
    • cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*
  • Range: <20041016
