Lucene search
GitHub_MCVELIST:CVE-2023-22476HistoryFeb 23, 2023 - 7:00 p.m.
CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users
2023-02-2319:00:02
CWE-200
GitHub_M
raw.githubusercontent.com
1
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[] parameter in bug_actiongroup_ext.php. This issue is fixed in version 2.25.6. There are no workarounds.
Related
prion
prion
Design/Logic Flaw
2023-02-23 19:15:00
osv
osv
CVE-2023-22476
2023-02-23 19:15:13
MantisBT may expose private issues' summaries to unauthorized users
2023-02-23 19:39:54
github
github
MantisBT may expose private issues' summaries to unauthorized users
2023-02-23 19:39:54
veracode
veracode
Information Disclosure
2023-03-01 11:27:13
cve
cve
CVE-2023-22476
2023-02-23 19:15:13
nessus
nessus
openvas
openvas
MantisBT < 2.25.6 Multiple Vulnerabilities - Linux
2023-02-27 00:00:00
MantisBT < 2.25.6 Multiple Vulnerabilities - Windows
2023-02-27 00:00:00
freebsd
freebsd
mantis -- multiple vulnerabilities
2023-01-06 00:00:00