An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.
References
Link | Resource |
---|---|
https://mantisbt.org/bugs/view.php?id=27370 | Exploit Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-30T18:04:07
Updated: 2020-12-30T18:04:07
Reserved: 2020-12-30T00:00:00
Link: CVE-2020-35849
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-30T19:15:13.903
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-35849
JSON object: View
Redhat Information
No data.
CWE