VYPR
Unrated severity · NVD Advisory · Published Dec 28, 2005 · Updated Jun 16, 2026

CVE-2005-4523

Description

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

  • Mantisbt/Mantis (66 versions)
    cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:* range: <=1.0.0_rc3

Patches

Vulnerability mechanics

Root cause

"Missing access control checks in RSS feed generation allow private bugs to be included in public feeds."

Attack vector

An unauthenticated remote attacker can access public RSS feeds provided by Mantis to obtain information about private bugs. The RSS feeds do not properly filter out issues that should be restricted to authorized users only. By simply requesting the RSS feed URL, the attacker receives bug summaries, descriptions, and other sensitive details that were intended to be private [ref_id=1]. No authentication or special privileges are required.

Affected code

The advisory does not identify a specific function or file path for the RSS disclosure issue. The CVE description states that Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds. The patch [patch_id=1846213] addresses this by modifying RSS-related code, but the exact file paths are not shown in the bundle.

What the fix does

The patch [patch_id=1846213] modifies the RSS feed generation code to check whether a bug is private before including it in the feed output. This ensures that only bugs the requesting user is authorized to see are included in the RSS feed. The fix closes the information disclosure by enforcing access control checks at the RSS generation layer, rather than relying on the feed consumer to filter results.
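The pattern the narrative describes, as an added illustration rather than code from Mantis or from the patch itself: a minimal Python model of a feed generator with the pre-fix behaviour (every bug emitted) beside the access-checked version, plus a self-check a maintainer can run to confirm that a feed rendered for an anonymous viewer carries no private bug. The `Bug`/`Viewer` types, project ids and summaries are constructed sample data; the `private` flag stands in for the concept of a private view state and is not Mantis's real schema.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional
from xml.sax.saxutils import escape


@dataclass(frozen=True)
class Bug:
    bug_id: int
    project_id: int
    summary: str
    private: bool  # stands in for a private vs public view state (assumed, not Mantis's schema)


@dataclass(frozen=True)
class Viewer:
    user_id: Optional[int]            # None means an anonymous request
    private_projects: FrozenSet[int]  # projects where this viewer may see private bugs


ANONYMOUS = Viewer(None, frozenset())

# Constructed sample data for the demo; not real Mantis records.
BUGS = [
    Bug(1, 10, "Typo on login page", private=False),
    Bug(2, 10, "Admin password visible in debug log", private=True),
    Bug(3, 20, "Add dark theme", private=False),
]


def vulnerable_feed_items(bugs: Iterable[Bug], viewer: Viewer) -> List[Bug]:
    """Pre-fix behaviour: the feed query ignores view state entirely."""
    return list(bugs)


def can_view(bug: Bug, viewer: Viewer) -> bool:
    """The access check the feed layer must enforce itself, not leave to the consumer."""
    if not bug.private:
        return True
    return viewer.user_id is not None and bug.project_id in viewer.private_projects


def fixed_feed_items(bugs: Iterable[Bug], viewer: Viewer) -> List[Bug]:
    """Post-fix behaviour: filter with the same check the web UI applies."""
    return [b for b in bugs if can_view(b, viewer)]


def render_rss(items: Iterable[Bug]) -> str:
    body = "".join(
        f"<item><title>{escape(b.summary)}</title><guid>{b.bug_id}</guid></item>"
        for b in items
    )
    return f'<rss version="2.0"><channel>{body}</channel></rss>'


def leaked_private_ids(feed_xml: str, bugs: Iterable[Bug]) -> List[int]:
    """Self-check: ids of private bugs whose guid appears in a feed rendered for a viewer."""
    return [b.bug_id for b in bugs if b.private and f"<guid>{b.bug_id}</guid>" in feed_xml]
```

Running `leaked_private_ids` against the anonymously rendered feed is the regression test a maintainer would keep after applying such a fix.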

Preconditions

  • config: Mantis instance must have RSS feeds enabled and publicly accessible
  • auth: No authentication required; attacker can be anonymous
  • network: Attacker must be able to reach the Mantis RSS feed URL over HTTP/HTTPS
  • input: No special input required; simply requesting the RSS feed URL is sufficient

Reproduction

The advisory [ref_id=1] does not provide specific reproduction steps for the RSS private bug disclosure issue. The public PoC reference points to the same advisory text, which focuses on SQL injection, XSS, CRLF injection, and arbitrary file upload vulnerabilities rather than the RSS disclosure. Therefore, no reproduction steps can be provided from the available bundle.

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
