CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...

CVE-2020-35849

Affected software: MantisBT prior to 2.24.4. Vulnerability: An incorrect access check in bug_revision_view_page.php lets an unprivileged attacker view the Summary field of private issues and bugnotes revisions via the bugnote_id parameter, resulting in exposure of potentially confidential informa...