Количество 3
Количество 3
CVE-2020-29604
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.
CVE-2020-29604
An issue was discovered in MantisBT before 2.24.4. A missing access ch ...
GHSA-f38c-wxp6-8xjv
MantisBT Missing Authorization access check in bug_actiongroup.php
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-29604 An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information. | CVSS3: 6.5 | 0% Низкий | около 5 лет назад |
| CVE-2020-29604 An issue was discovered in MantisBT before 2.24.4. A missing access ch ... | CVSS3: 6.5 | 0% Низкий | около 5 лет назад |
| GHSA-f38c-wxp6-8xjv MantisBT Missing Authorization access check in bug_actiongroup.php | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу