GHSA-g582-8vwr-68h2

Published: 03 Nov 2025
Source: github
GitHub: reviewed
CVSS4: 5.3
CVSS3: 4.3

Description

MantisBT unauthorized disclosure of private project column configuration

Impact

Due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php (typically project managers with the MANAGER role) can use the Copy From action to retrieve the columns configuration of a private project they have no access to.

Access to the reverse operation (Copy To) is correctly controlled, i.e. it is not possible to alter the private project's configuration.
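The flaw class described above is an authorization check applied to the destination of a copy but not to its source. The following added example (not MantisBT code; all project, user and function names are constructed for illustration) models that asymmetry: the vulnerable handler only verifies that the caller manages the destination project, so a manager of a public project can read a private project's column list; the corrected handler also requires view access on the source project, which is the check the advisory says was missing.

```python
# Added illustration of the "copy from" access-control gap; not MantisBT code.
# Projects, users and the role model below are constructed for this example.
from dataclasses import dataclass
from typing import List, Set


class AccessDenied(Exception):
    """Raised when the caller is not allowed to perform the action."""


@dataclass
class Project:
    name: str
    private: bool
    members: Set[str]      # usernames with access to the project
    columns: List[str]     # column configuration (the data being copied)


@dataclass
class User:
    name: str
    role: str              # "manager" or "reporter" in this toy model


def can_view(user: User, project: Project) -> bool:
    """Public projects are visible to everyone; private ones only to members."""
    return (not project.private) or user.name in project.members


def can_manage(user: User, project: Project) -> bool:
    """Only managers who are members of a project may change its configuration."""
    return user.role == "manager" and user.name in project.members


def copy_from_vulnerable(user: User, src: Project, dst: Project) -> List[str]:
    """Checks the destination only: a manager of dst learns src.columns even
    when src is a private project they cannot see."""
    if not can_manage(user, dst):
        raise AccessDenied(f"{user.name} may not manage {dst.name}")
    dst.columns = list(src.columns)
    return dst.columns


def copy_from_fixed(user: User, src: Project, dst: Project) -> List[str]:
    """Checks both sides: write access on dst AND read access on src."""
    if not can_manage(user, dst):
        raise AccessDenied(f"{user.name} may not manage {dst.name}")
    if not can_view(user, src):
        # The source is being *read*, so the caller needs view access to it.
        raise AccessDenied(f"{user.name} may not view {src.name}")
    dst.columns = list(src.columns)
    return dst.columns


def build_sample():
    """Constructed sample data: a public project Alice manages and a private
    project she is not a member of."""
    website = Project("Website", private=False, members={"alice", "bob"},
                      columns=["id", "summary"])
    payroll = Project("Payroll", private=True, members={"bob"},
                      columns=["id", "summary", "salary_band", "employee_no"])
    alice = User("alice", "manager")   # manages Website, no access to Payroll
    bob = User("bob", "manager")       # member of both projects
    return alice, bob, website, payroll


def leaks_private_columns(handler) -> bool:
    """Return True if `handler` lets Alice read Payroll's columns via Website."""
    alice, _, website, payroll = build_sample()
    try:
        copied = handler(alice, payroll, website)
    except AccessDenied:
        return False
    return copied == payroll.columns


if __name__ == "__main__":
    print("vulnerable handler leaks:", leaks_private_columns(copy_from_vulnerable))
    print("fixed handler leaks:     ", leaks_private_columns(copy_from_fixed))
```

The point the example makes is that "Copy From" is a read of the source project, so the source needs the same visibility check that a direct view of its configuration would get; authorizing only the destination (as "Copy To" does, correctly, for its write target) is not sufficient.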

Patches

The vulnerability will be fixed in MantisBT version 2.27.2.

Workarounds

None

Credits

Thanks to d3vpoo1 for reporting the issue.

Packages

Name: mantisbt/mantisbt (composer)
Affected versions: < 2.27.2
Fixed version: 2.27.2

EPSS

Percentile: 11%
Score: 0.00037
Low

CVSS4: 5.3 Medium
CVSS3: 4.3 Medium

Weaknesses

CWE-285

Related vulnerabilities

CVSS3: 4.3
nvd
3 months ago

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.

CVSS3: 4.3
debian
3 months ago

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...
