5 matches found
CVE-2025-62520
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no...
MantisBT < 2.27.2 Unauthorized Disclosure (GHSA-g582-8vwr-68h2)
The version of MantisBT installed on the remote host is prior to 2.27.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-g582-8vwr-68h2 advisory. - Due to insufficient access-level checks, any non-admin user having access to manage_config_columns_page typically project manage...
CVE-2025-62520
CVE-2025-62520 concerns MantisBT prior to 2.27.2. The issue arises from insufficient access checks in manage_config_columns_page.php, allowing any non-admin user with access to that page to use Copy From to retrieve the columns configuration from a private project they should not access. Affected...
Improper Authorization
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Improper Authorization due to insufficient access-level checks in manage_config_columns_page.php. An attacker can retrieve configuration details from private projects by using the 'Copy From'...
PT-2025-44805
Name of the Vulnerable Software and Affected Versions: MantisBT versions 2.27.1 and below. Description: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Insufficient access-level checks allow a non-admin user with access to the manage_config_columns_page.php page to retrieve the columns...