Lucene search

GoogleOSV:CVE-2020-29603

HistoryJan 29, 2021 - 7:15 a.m.

CVE-2020-29603

2021-01-2907:15:17

Google

osv.dev

cve-2020-29603

manage_proj_edit_page

mantisbt

unprivileged user

private projects

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

24.8%

JSON

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects’ names via the manage_proj_edit_page.php project_id parameter, without having access to them.

References

mantisbt.org/bugs/view.php?id=27357

mantisbt.org/bugs/view.php?id=27726