Red Hat Bugzilla – Bug 1295393
CVE-2014-9759 mantis: crypto_master_salt sensitive config was disclosed via SOAP API
Last modified: 2016-01-04 05:48:46 EST
It was found that the crypto_master_salt config option was available via the SOAP API, due to a wrong spelling, since MantisBT sensitive config options were blacklisted to prevent their access via the SOAP API.
After this vulnerability appeared, MantisBT was hardened to use a whitelist approach instead of blacklisting:
Created mantis tracking bugs for this issue:
Affects: fedora-all [bug 1295394]
Affects: epel-5 [bug 1295395]
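
The failure mode described in this report, as an added example that is not MantisBT's own code: a blacklist with one misspelled entry serves the secret, while a whitelist refuses anything it does not list. Only the name crypto_master_salt comes from the report; the function names, the misspelled entry and all sample values are constructed for illustration.

```php
<?php
// Constructed sample configuration (values are placeholders).
$config = [
    'crypto_master_salt' => 'constructed-secret-value',
    'db_password'        => 'constructed-db-password',
    'window_title'       => 'Bug Tracker',
    'default_language'   => 'english',
];

// Blacklist: every sensitive name must be listed AND spelled correctly.
// The first entry carries a constructed typo to model the bug class.
$blacklist = ['crypto_mastr_salt', 'db_password'];

// Whitelist: only names explicitly marked as public are ever served.
$whitelist = ['window_title', 'default_language'];

// Hypothetical accessor: serves anything that is not blacklisted (fails open).
function get_config_blacklisted(array $config, array $blacklist, string $name) {
    if (in_array($name, $blacklist, true)) {
        return null;
    }
    return $config[$name] ?? null;
}

// Hypothetical accessor: serves only what is whitelisted (fails closed).
function get_config_whitelisted(array $config, array $whitelist, string $name) {
    if (!in_array($name, $whitelist, true)) {
        return null;
    }
    return $config[$name] ?? null;
}

// Consistency check: list entries that match no real option are likely typos.
function unknown_entries(array $config, array $list): array {
    return array_values(array_diff($list, array_keys($config)));
}

foreach (['crypto_master_salt', 'db_password', 'window_title'] as $name) {
    printf(
        "%-20s blacklist: %-26s whitelist: %s\n",
        $name,
        var_export(get_config_blacklisted($config, $blacklist, $name), true),
        var_export(get_config_whitelisted($config, $whitelist, $name), true)
    );
}

// The misspelled blacklist entry surfaces here; the whitelist has none.
echo 'Blacklist entries matching no option: ',
    implode(', ', unknown_entries($config, $blacklist)), "\n";
```

With the blacklist, crypto_master_salt is returned because the misspelled entry never matches it; with the whitelist it is refused, and a misspelled whitelist entry would only hide a public option rather than expose a secret.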