VYPR
Unrated severityNVD Advisory· Published Dec 15, 2006· Updated Jun 16, 2026

CVE-2006-6574

CVE-2006-6574

Description

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • Mantisbt/Mantis17 versions
    cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*range: <=1.1.0a1
    • cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*
    • (no CPE)range: <1.1.0a2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.