exploitDog

GHSA-hf4x-6h87-hm79

Published: 23 Feb 2023
Source: github
GitHub: Reviewed
CVSS3: 4.3

Description

MantisBT may expose private issues' summaries to unauthorized users

Impact

Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[] parameter in bug_actiongroup_ext.php.

Patches

The vulnerability has been fixed in MantisBT version 2.25.6.

Workarounds

None

Credits

Thanks to d3vpoo1 for reporting the issue.

References

Packages

Name: mantisbt/mantisbt (composer)
Affected versions: <= 2.25.5
Fixed version: 2.25.6

EPSS

Percentile: 51%
Score: 0.0028
Low

4.3 Medium

CVSS3

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 4.3
nvd
almost 3 years ago

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.

CVSS3: 4.3
debian
almost 3 years ago

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...