core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-11-16T00:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5523
JSON object: View
NVD Information
Status : Modified
Published: 2012-11-16T00:55:01.790
Modified: 2021-01-12T18:05:59.507
Link: CVE-2012-5523
JSON object: View
Redhat Information
No data.
CWE