Lucene search

Veracode Vulnerability DatabaseVERACODE:46890

HistoryMay 14, 2024 - 6:36 a.m.

Information Disclosure

2024-05-1406:36:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mantisbt

vulnerability

information disclosure

insufficient access checks

hyperlink

users

link label

tooltip

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and tooltip.

CPENameOperatorVersion
mantisbt/mantisbtle2.26.1
mantisbt/mantisbtle2.26.1

CPE	Name	Operator	Version
	mantisbt/mantisbt	le	2.26.1
	mantisbt/mantisbt	le	2.26.1

References

github.com/advisories/GHSA-99jc-wqmr-ff2q

github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226

github.com/mantisbt/mantisbt/pull/2000

github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q

mantisbt.org/bugs/view.php?id=34434

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:46890