72 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...
CVE-2026-58419
Notification API leaks private issue metadata after access revocation...
CVE-2026-58419
Notification API leaks private issue metadata after access revocation...
CVE-2026-58419
CVE-2026-58419 affects the Go-Gitea project where the Notification API can leak private issue metadata after access revocation. The Snyk notes describe Information Exposure in multiple internal components of the Gitea web feed/routers, convert, and git modules, with affected code paths in the Not...
CVE-2026-58419 Notification API leaks private issue metadata after access revocation
Notification API leaks private issue metadata after access revocation...
PT-2026-55653
Name of the Vulnerable Software and Affected Versions Notification API affected versions not specified Description The Notification API leaks private issue metadata after access has been revoked. Recommendations At the moment, there is no information about a newer version that contains a fix for...
CVE-2026-34970
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34579
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2026-5377
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...
CVE-2026-34970
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34970
Summary: CVE-2026-34970 affects MantisBT, where versions 2.28.1 and earlier allow a bugnote author to view the Revisions page of a private issue after losing access to that issue. This undermines confidentiality by exposing private issue metadata on the Revisions page. Root cause (as described): ...
EUVD-2026-31005
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34970
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34579
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2026-34744
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this...