An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
References
| Link | Resource |
|---|---|
| http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93 | Patch, Third Party Advisory |
| http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe | Patch, Third Party Advisory |
| https://mantisbt.org/bugs/view.php?id=27039 | Exploit, Patch, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-30T20:31:13
Updated: 2020-09-30T20:31:13
Reserved: 2020-09-19T00:00:00
Link: CVE-2020-25781
NVD Information
Status : Analyzed
Published: 2020-09-30T21:15:13.230
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-25781