Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:52 a.m.5 views

CVE-2023-22476

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Proje...

4.3CVSS6.6AI score0.00608EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.64 views

FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting...

7.5CVSS6.3AI score0.04923EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2023/02/27 12:0 a.m.26 views

MantisBT < 2.25.6 Multiple Vulnerabilities - Linux

MantisBT is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.6AI score0.04923EPSS
Exploits2References3
CVE
CVE
added 2023/02/23 7:0 p.m.71 views

CVE-2023-22476

Summary: CVE-2023-22476 affects MantisBT (Mantis Bug Tracker) before 2.25.6 where insufficient access checks allow any logged‑in user with Group Actions privileges to read the Summary of private issues via a crafted bug_arr[] in bug_actiongroup_ext.php. Root cause: inadequate access control on pr...

4.3CVSS4.1AI score0.00608EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/23 7:0 p.m.5 views

CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Proje...

4.3CVSS5.1AI score0.00608EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2023/01/06 12:0 a.m.48 views

mantis -- multiple vulnerabilities

Mantis 2.25.6 release reports: Security and maintenance release 0031086: Private issue summary disclosure CVE-2023-22476 0030772: Update bundled moment.js to 2.29.4 CVE-2022-31129 0030791: Allow adding relation type noopener/noreferrer to outgoing links...

7.5CVSS6.5AI score0.04923EPSS
Exploits2References2
Rows per page
Query Builder