Lucene search

GitHub Advisory DatabaseGHSA-HF4X-6H87-HM79

HistoryFeb 23, 2023 - 7:39 p.m.

MantisBT may expose private issues' summaries to unauthorized users

2023-02-2319:39:54

CWE-200

GitHub Advisory Database

github.com

mantisbt

security vulnerability

access-level checks

bug summary

bug_actiongroup_ext.php

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

25.6%

JSON

Impact

Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[] parameter in bug_actiongroup_ext.php.

Patches

The vulnerability has been fixed in MantisBT version 2.25.6.

Workarounds

None

Credits

Thanks to d3vpoo1 for reporting the issue.

References

https://mantisbt.org/bugs/view.php?id=31086

Affected configurations

Vulners

Node

mantisbtmantisbtRange≤2.25.5

VendorProductVersionCPE
mantisbtmantisbt*cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	*	cpe:2.3:a:mantisbt:mantisbt::::::::

References

github.com/advisories/GHSA-hf4x-6h87-hm79

github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79

mantisbt.org/bugs/view.php?id=31086

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

25.6%

JSON

Related for GHSA-HF4X-6H87-HM79