What is CVE-2014-8598?

CVE-2014-8598 is a vulnerability in Mantisbt, classified under CWE-19. Published 2014-11-18.

Is CVE-2014-8598 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mantisbt

CVE-2014-8598

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be…

EPSS: 0.674 (98.6th percentile) — read the EPSS interpretation.

Affected products

Mantisbt
N/a — versions n/a

Weakness classification (CWE)

CWE-19

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20141108 CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access (mailing-list, x_refsource_MLIST)
mantisbt-cve20148598-sec-bypass(98573) (vdb-entry, x_refsource_XF)
70996 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
62101 (x_refsource_SECUNIA, third-party-advisory)
DSA-3120 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2014-8598?: CVE-2014-8598 is a vulnerability in Mantisbt, classified under CWE-19. Published 2014-11-18.
Is CVE-2014-8598 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.