4 matches found
MantisBT < 2.27.2 Unauthorized Disclosure (GHSA-g582-8vwr-68h2)
The version of MantisBT installed on the remote host is prior to 2.27.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-g582-8vwr-68h2 advisory. - Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage typically project manage...
CVE-2025-62520
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...
CVE-2025-62520 MantisBT unauthorized disclosure of private project column configuration
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...
PT-2025-44805
Name of the Vulnerable Software and Affected Versions MantisBT versions 2.27.1 and below Description Mantis Bug Tracker MantisBT is an open source issue tracker. Insufficient access-level checks allow a non-admin user with access to the manage config columns page.php page to retrieve the columns...