Описание
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mantis | removed | package |
EPSS
Процентиль: 42%
0.00197
Низкий
Связанные уязвимости
CVSS3: 4.3
nvd
около 5 лет назад
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
CVSS3: 4.3
github
больше 3 лет назад
MantisBT Insecure Storage in manage_proj_edit_page.php
EPSS
Процентиль: 42%
0.00197
Низкий