CVE-2020-35849

Published: Dec 30, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.

Affected (1)

Products: Mantisbt: Mantisbt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mantisbt Mantisbt	Before 2.24.4

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://mantisbt.org/bugs/view.php?id=27370

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://mantisbt.org/bugs/view.php?id=27370

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.