Unrated severityNVD Advisory· Published Oct 22, 2008· Updated Apr 23, 2026
CVE-2008-4689
CVE-2008-4689
Description
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Affected products
12cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*range: <=1.1.2
- cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/32975nvd
- www.gentoo.org/security/en/glsa/glsa-200812-07.xmlnvd
- www.mantisbt.org/bugs/changelog_page.phpnvd
- www.mantisbt.org/bugs/file_download.phpnvd
- www.mantisbt.org/bugs/view.phpnvd
- www.openwall.com/lists/oss-security/2008/10/20/1nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/46084nvd
News mentions
0No linked articles in our index yet.