26 matches found
EUVD-2020-21966
Malware in sbrugna...
EUVD-2023-2812
Malicious code in bioql PyPI...
EUVD-2023-0719
Malicious code in bioql PyPI...
CVE-2023-44394
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...
FreeBSD : mantis -- multiple vulnerabilities (1f0d0024-ac9c-11ee-8e91-1c697a013f4b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1f0d0024-ac9c-11ee-8e91-1c697a013f4b advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...
MantisBT < 2.25.8 Information Disclosure Vulnerability - Linux
MantisBT is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mantisbt:mantisbt";...
MantisBT < 2.25.8 Information Disclosure Vulnerability - Windows
MantisBT is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mantisbt:mantisbt";...
GHSA-V642-MH27-8J6M MantisBT may disclose project names to unauthorized users
Impact Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. Patches The vulnerability has been fixed in MantisBT version 2.25.8...
MantisBT may disclose project names to unauthorized users
Impact Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. Patches The vulnerability has been fixed in MantisBT version 2.25.8...
Design/Logic Flaw
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...
CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...
CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release...
FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting...
GHSA-HF4X-6H87-HM79 MantisBT may expose private issues' summaries to unauthorized users
Impact Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Project via a crafted bugarr parameter in bugactiongroupext.php. Patches The...
MantisBT may expose private issues' summaries to unauthorized users
Impact Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Project via a crafted bugarr parameter in bugactiongroupext.php. Patches The...
CVE-2023-22476
Summary: CVE-2023-22476 affects MantisBT (Mantis Bug Tracker) before 2.25.6 where insufficient access checks allow any logged‑in user with Group Actions privileges to read the Summary of private issues via a crafted bug_arr[] in bug_actiongroup_ext.php. Root cause: inadequate access control on pr...
CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Proje...
MantisBT 安全漏洞
MantisBT is the Mantisbt team of a Web-based open source defect tracking system . The system provides project management and defect tracking services in a web-operable format. A security vulnerability exists in Mantis Bug Tracker MantisBT versions prior to 2.25.6, which stems from inadequate acce...
MantisBT Authorization Issues Vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT versions prior to 2.24.4, which allows any logged in user who is allowed...
CVE-2020-29605
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bugarr= in a crafted bugactiongrouppage.php URL. The target Issues can have Private view statu...