3 matches found
GHSA-HF4X-6H87-HM79 MantisBT may expose private issues' summaries to unauthorized users
Impact Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Project via a crafted bugarr parameter in bugactiongroupext.php. Patches The...
Design/Logic Flaw
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Proje...
Improper access control
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bugarr= in a crafted bugactiongrouppage.php URL. The target Issues can have Private view statu...